CERT-In Vulnerability Note
Remote Code Execution Vulnerabilities in Joomla
Original Issue Date: December 16, 2015
Severity Rating: HIGH
- Joomla! CMS versions 1.5.0 through 3.4.5
- Joomla! Framework Session package versions 1.0.0 through 1.3.0
Two vulnerabilities have been reported in Joomla! which could be exploited by a remote attacker to obtain data from the targeted system's user session to disclose sensitive information.
These vulnerabilities exist in Joomla! due to the improper sanitization of browser information while saving the session details into the database.
Successful exploitation of these vulnerabilities could allow a remote attacker to execute code on the targeted system.
Upgrade to latest version of Joomla! CMS 3.4.6 and Joomla! Framework Session package version 1.3.1
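A version triage check for the affected ranges listed in this note, as an added example that is not part of the CERT-In note or of Joomla! itself. It assumes the Framework Session package is installed through Composer under the name `joomla/session` and that the CMS version string is supplied by the operator; the `joomla-cms` label and the sample `composer.lock` content are constructed for illustration.

```python
import json
import re

# Affected ranges exactly as listed in the note (inclusive on both ends).
# "joomla-cms" is a label chosen for this example, not an official identifier.
AFFECTED = {
    "joomla-cms": ((1, 5, 0), (3, 4, 5)),
    "joomla/session": ((1, 0, 0), (1, 3, 0)),
}

def parse_version(text):
    """Turn '3.4.5', 'v1.3.0' or '3.4' into a 3-tuple of ints; None if unparseable."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def is_affected(component, version_text):
    """True if the version lies inside the note's range for the component."""
    version = parse_version(version_text)
    if version is None:
        raise ValueError(f"unrecognised version string: {version_text!r}")
    low, high = AFFECTED[component]
    return low <= version <= high

def audit(cms_version, composer_lock_text):
    """Return a sorted list of (component, version) pairs that need upgrading."""
    findings = []
    if cms_version and is_affected("joomla-cms", cms_version):
        findings.append(("joomla-cms", cms_version))
    lock = json.loads(composer_lock_text)
    for pkg in lock.get("packages", []):
        # Only the session package is in scope; other Joomla! packages are ignored.
        if pkg.get("name") == "joomla/session" and is_affected("joomla/session", pkg["version"]):
            findings.append(("joomla/session", pkg["version"]))
    return sorted(findings)

# Constructed sample input: CMS 3.4.5 alongside session package 1.3.0.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "joomla/session", "version": "1.3.0"},
    {"name": "joomla/registry", "version": "1.5.0"},
]})

if __name__ == "__main__":
    for component, version in audit("3.4.5", SAMPLE_LOCK):
        print(f"UPGRADE NEEDED: {component} {version}")
```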
The information provided herein is on an "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003