CVE-2013-1453
N/A
N/A
Summary
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://developer.joomla.org/security/news/548-20130201-core-information-disclosure.html
- http://karmainsecurity.com/analysis-of-the-joomla-php-object-injection-vulnerability
- http://karmainsecurity.com/KIS-2013-03
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81925
References
- http://developer.joomla.org/security/news/548-20130201-core-information-disclosure.html
- http://karmainsecurity.com/analysis-of-the-joomla-php-object-injection-vulnerability
- http://karmainsecurity.com/KIS-2013-03
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81925
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.