FreeBSD : joomla -- multiple vulnerabilities (8d10038e-515c-11df-83fb-0015587e2cc1)

high Nessus Plugin ID 46005

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Joomla! reported the following vulnerabilities :

If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system..

The migration script in the Joomla! installer does not check the file type being uploaded. If the installation application is present, an attacker could use it to upload malicious files to a server.

Session id doesn't get modified when user logs in. A remote site may be able to forward a visitor to the Joomla! site and set a specific cookie. If the user then logs in, the remote site can use that cookie to authenticate as that user.

When a user requests a password reset, the reset tokens were stored in plain text in the database. While this is not a vulnerability in itself, it allows user accounts to be compromised if there is an extension on the site with a SQL injection vulnerability.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?544f5bdf

http://www.nessus.org/u?46e95eb8

http://www.nessus.org/u?d40d96f1

http://www.nessus.org/u?c02115f1

http://www.nessus.org/u?2191ab42

Plugin Details

Severity: High

ID: 46005

File Name: freebsd_pkg_8d10038e515c11df83fb0015587e2cc1.nasl

Version: 1.11

Type: local

Published: 4/27/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:joomla15, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/26/2010

Vulnerability Publication Date: 4/23/2010