Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2013-1453
Last Modified 06 Mar 2013 12:00:00
Published 12 Feb 2013 08:55:05
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-1453

Summary

plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.

Vulnerable Systems

Application

  • Joomla! 2.5.0
  • Joomla! 2.5.1
  • Joomla! 2.5.2
  • Joomla! 2.5.3
  • Joomla! 2.5.4
  • Joomla! 2.5.5
  • Joomla! 2.5.6
  • Joomla! 2.5.7
  • Joomla! 2.5.8
  • Joomla! 3.0.0
  • Joomla! 3.0.1
  • Joomla! 3.0.2


References

XF - joomla-search-information-disclosure(81925)

CONFIRM - http://developer.joomla.org/security/news/548-20130201-core-information-disclosure.html

MISC - http://karmainsecurity.com/KIS-2013-03

MISC - http://karmainsecurity.com/analysis-of-the-joomla-php-object-injection-vulnerability


Last Updated: 27 May 2016 11:01:53