Joomla closes very dangerous SQL injection security hole


The developers of the Joomla CMS have patched three vulnerabilities, including a very critical hole through which SQL injection can be performed. The SQL problem is present in versions 3.2 to 3.4.4 and was discovered by Trustwave SpiderLabs. The patch raises the version number slightly, to 3.4.5.

Trustwave researcher Asaf Orpani could, by combining this hole with the other security issues, have gained full access to any vulnerable Joomla site, Trustwave writes on its blog. According to W3Techs, Joomla held 6.6 percent of the website CMS market on October 20, which would mean that approximately 2.8 million websites run on the CMS. The patch to Joomla 3.4.5 can be downloaded from the Joomla site. Besides the three security updates, nothing has changed in the code of the CMS.

In preparation for the patch, Joomla announced on October 16 that a very important patch would be released on October 22, so most server administrators running Joomla will already have been aware that the patch was coming. Further details were not released at the time.

The problem in Joomla is caused by insufficient filtering of requested data. Besides the SQL problem, there are two other bugs, in the com_contenthistory and com_content components, that allow attackers to gain access to data that should normally be visible only to users with the appropriate rights. The com_content vulnerability is present in Joomla versions 3.0 through 3.4.4 rather than 3.2 to 3.4.4.

The SQL vulnerability is in /administrator/components/com_contenthistory/models/history.php. When the SQL injection is carried out, an error page is displayed, and the error report at the bottom of that page contains a session ID. After pasting that session ID into the cookie section of a request to the /administrator/ directory, the attacker is granted administrator rights and gains access to the admin control panel. A detailed description of the whole hack is on the Trustwave blog.
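Since the article notes both the affected component (com_contenthistory in the administrator back end) and the fact that a successful injection produces a server error page, administrators who cannot patch immediately can at least look for attempts in their web-server access logs. The script below is an added example, not code from Joomla or from Trustwave: it parses combined-format access log lines, keeps requests aimed at com_contenthistory, and flags those whose query parameters carry classic SQL injection tells or that ended in a 5xx response. The log lines, IP addresses and parameter names (item_id, filter) are constructed for the example and do not reflect the real request format of the exploit.

```python
"""Detect SQL-injection attempts against Joomla's com_contenthistory in access logs.

Added illustration code; log lines and parameter names are constructed, not taken
from the article or from the real exploit.
"""
import re
from urllib.parse import urlsplit, parse_qsl

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status bytes ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Generic SQL-injection tells: quote break-out, comment markers, UNION/SELECT,
# boolean tautologies.  Tune for your own parameter vocabulary to limit false positives.
SQLI_PATTERN = re.compile(
    r"('|--|/\*|\bunion\b|\bselect\b|\bor\b\s+\d+\s*=\s*\d+)", re.IGNORECASE
)

# Constructed sample log (three requests; only the third is an attack attempt)
SAMPLE_LOG = """\
203.0.113.5 - - [22/Oct/2015:10:01:12 +0000] "GET /index.php?option=com_content&view=article&id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [22/Oct/2015:10:02:30 +0000] "GET /administrator/index.php?option=com_contenthistory&view=history&item_id=12 HTTP/1.1" 200 2211 "-" "Mozilla/5.0"
198.51.100.9 - - [22/Oct/2015:10:03:01 +0000] "GET /administrator/index.php?option=com_contenthistory&view=history&filter=1%27%20OR%201%3D1-- HTTP/1.1" 500 1800 "-" "curl/7.43"
"""


def parse_line(line):
    """Return a dict with ip, path, decoded query params and status, or None if unparsable."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # parse_qsl percent-decodes values, so %27 becomes a literal quote before matching
    params = parse_qsl(parts.query, keep_blank_values=True)
    return {
        "ip": m.group("ip"),
        "path": parts.path,
        "params": params,
        "status": int(m.group("status")),
    }


def targets_contenthistory(rec):
    """True if the request addresses the com_contenthistory component (by path or option=)."""
    if "com_contenthistory" in rec["path"]:
        return True
    return any(k == "option" and v == "com_contenthistory" for k, v in rec["params"])


def classify(rec):
    """Return the list of reasons a request looks like an injection attempt (empty if clean)."""
    if not targets_contenthistory(rec):
        return []
    reasons = []
    for key, value in rec["params"]:
        if SQLI_PATTERN.search(value):
            reasons.append(f"sqli pattern in parameter {key!r}")
    if rec["status"] >= 500:
        # The article notes that a successful injection yields an error page
        reasons.append("server error response to com_contenthistory request")
    return reasons


def scan(log_text):
    """Scan a block of log text; return (ip, path, reasons) for every suspicious request."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = classify(rec)
        if reasons:
            findings.append((rec["ip"], rec["path"], reasons))
    return findings


if __name__ == "__main__":
    for ip, path, reasons in scan(SAMPLE_LOG):
        print(f"{ip} {path}: {'; '.join(reasons)}")
```

Run against a real log with `scan(open("access.log").read())`; the component check keeps the noisy generic SQL pattern from firing on ordinary front-end traffic, and the 5xx signal is worth alerting on by itself for back-end components, since legitimate administrator requests rarely end in a server error.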

