9 matches found
Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability
No description provided by source. Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability - Software Link: http://www.joomla.org/ - Affected Versions:...
[KIS-2013-03] Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability
Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability - Software Link: http://www.joomla.org/ - Affected Versions: Version 3.0.2 and earlier 3.0.x...
Joomla! 3.0.2 PHP Object Injection
Joomla! request->get('highlight', null, 'base64'); 58. $terms = $terms ? unserialize(base64_decode($terms)) : null; User input passed through the "highlight" parameter is not properly sanitized before being used in an unserialize call at...
Joomla! 3.0.2 - 'highlight.php' PHP Object Injection
Joomla! request->get('highlight', null, 'base64'); 58. $terms = $terms ? unserialize(base64_decode($terms)) : null; User input passed through the "highlight" parameter is not properly sanitized before being used in an unserialize call at...
CVE-2013-1453
creationtimestamp | type | source
---|---|---
2013-02-27 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/24551...
Joomla! 3.0.2 - highlight.php PHP Object Injection
Joomla! 3.0.2 - highlight.php PHP Object Injection. Joomla! request->get('highlight', null, 'base64'); 58. $terms = $terms ? unserialize(base64_decode($terms)) : null; User input passed through the "highlight" parameter is not properly...
Joomla <=2.5.8,<=3.0.2 remote tcp connections opener
The Joomla core plugin 'highlight' unserializes untrusted input. The plugin is enabled by default in a standard Joomla installation. This proof of concept exploit uses the JStream Joomla class to make the target open remote TCP connections to a custom address, therefore multiple vulnerable Joomla instances can be...
Joomla! 2.5.x < 2.5.9 / 3.0.x < 3.0.3 Multiple Vulnerabilities
According to its self-reported version number, the Joomla! installation running on the remote web server is 2.5.x prior to 2.5.9 or 3.0.x prior to 3.0.3. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the highlight.php script, within the...
CVE-2013-1453
CVE-2013-1453 affects Joomla! versions 3.0.x up to 3.0.2 and 2.5.x up to 2.5.8. The vulnerability resides in /plugins/system/highlight/highlight.php, where user input through the highlight parameter is base64-decoded and then passed to unserialize(), enabling an attacker to inject arbitrary PHP o...