Multiple vulnerabilities in Joomla 1.5 RC 1



Hi,
There are several security bugs in Joomla 1.5 RC 1:
1) An exploitable SQL injection in the archive section. I sent the exploit
to the Joomla developer, but here I am not going to publish it :)
2) An XSS bug, again in the archive section.
3) Several full path disclosure bugs. Direct access to many .../tmpl/...php
files will expose the full installation path.
Joomla has released a new version (Joomla 1.5 RC 2).


- Omid
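
An added example, not part of the original post and not Joomla's own code: a Python audit for item 3 that lists `tmpl` PHP files whose first statement is not Joomla's `defined('_JEXEC') or die` entry guard, so they execute when requested directly. The sample tree, its extension names and file contents are constructed.

```python
import re
import tempfile
from pathlib import Path

# Joomla 1.5 guard: defined('_JEXEC') or die(...);
GUARD = re.compile(r"defined\s*\(\s*['\"]_JEXEC['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b", re.I)
COMMENT = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)  # PHP comment styles

def first_statement(php_source):
    """First PHP statement with comments stripped; None if the file has no PHP."""
    tag = re.search(r"<\?(?:php)?", php_source)
    if tag is None:
        return None
    return COMMENT.sub("", php_source[tag.end():]).split(";", 1)[0].strip()

def unguarded_templates(root):
    """Relative paths of tmpl/*.php files whose first statement is not the guard."""
    root, hits = Path(root), []
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root)
        if "tmpl" not in rel.parts[:-1]:
            continue  # only layout files are in scope here
        stmt = first_statement(path.read_text(errors="replace"))
        if stmt is not None and not GUARD.match(stmt):
            hits.append(rel.as_posix())
    return hits

# Constructed sample tree: extension names and file contents are made up.
SAMPLE = {
    "components/com_example/views/list/tmpl/default.php":
        "<?php // no direct access\ndefined('_JEXEC') or die('Restricted access'); ?>\n<h1>ok</h1>\n",
    "components/com_example/views/list/tmpl/default_items.php":
        "<?php foreach ($this->items as $item) : ?>\n<li></li>\n<?php endforeach; ?>\n",
    "modules/mod_example/tmpl/default.php":  # guard present, but too late
        "<?php\n/* header */\n$x = JText::_('HI');\ndefined('_JEXEC') or die;\n",
    "modules/mod_example/helper.php": "<?php class modExampleHelper {}\n",
}

def scan_sample():
    """Write SAMPLE to a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in SAMPLE.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text)
        return unguarded_templates(tmp)

if __name__ == "__main__":
    for hit in scan_sample():
        print("no _JEXEC guard as first statement:", hit)
```

A plain text search for `_JEXEC` would pass the third sample file; checking the first statement catches a guard that appears only after other code has already run.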


