Vulners
Lucene search
Joomla Themes Cross Site Scripting / Denial Of Service
`Hello list!
I want to warn you about Cross-Site Scripting, Full path disclosure, Abuse
of Functionality and Denial of Service vulnerabilities in multiple themes
and components for Joomla.
-------------------------
Affected products:
-------------------------
Similarly to vulnerabilities in multiple themes for WordPress, Drupal and
ExpressionEngine, also the next themes and components for Joomla are
vulnerable: theme PBV MULTI VirtueMart Theme for component VirtueMart,
component Registration and component Handy Photo Album.
Vulnerable are versions of these themes and components with TimThumb 1.24
and previous versions. In particular vulnerable are PBV MULTI VirtueMart
Theme 1.0.5 and previous versions, Registration 1.0.0 and Handy Photo Album
1.0.1 and previous versions. Beside these ones there are many other
vulnerable themes and components for Joomla. The name of affected script can
be timthumb.php or thumb.php.
----------
Details:
----------
Cross-Site Scripting (WASC-08), Full path disclosure (WASC-13), Abuse of
Functionality (WASC-42) and Denial of Service (WASC-10) vulnerabilities are
similar to those in earlier mentioned themes for WordPress, Drupal and
ExpressionEngine. Because these themes and components contain TimThumb,
about vulnerabilities in which I wrote earlier
(http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080258.html).
Theme PBV MULTI VirtueMart Theme for component VirtueMart for Joomla:
Full path disclosure (WASC-13):
http://site/components/com_virtuemart/themes/pbv_multi/scripts/timthumb.php?src=http://
Vulnerable to Full path disclosure, Abuse of Functionality and DoS. In case
of AoF and DoS the access is possible only to current and allowed sites.
Component Registration, which is part of Joomla:
XSS (WASC-08):
http://site/components/com_registration/script/timthumb.php?src=1%3Cbody%20onload=alert(document.cookie)%3E
Vulnerable to XSS, Full path disclosure, Abuse of Functionality and DoS.
Component Handy Photo Album for Joomla:
XSS (WASC-08):
http://site/components/com_hpalbum/timthumb.php?src=1%3Cbody%20onload=alert(document.cookie)%3E
Vulnerable to XSS, Full path disclosure, Abuse of Functionality and DoS.
------------
Timeline:
------------
2011.02.08 - informed developer of TimThumb.
2011.02.13 - developer of TimThumb released version 1.25.
2011.04.22 - disclosed at my site about vulnerabilities in multiple themes
and components for Joomla.
2011.04.23 - informed developers of Joomla and developers of mentioned theme
and components (if they still haven't updated from 13th of February).
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/5102/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Apr 2011 00:00Current
0.5Low risk
Vulners AI Score0.5