QwikSec

Security Database

CVE

CWE

Training

CVE-2013-1453

Published: Feb 13, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://developer.joomla.org/security/news/548-20130201-core-information-disclosure.html

x_refsource_CONFIRM

http://karmainsecurity.com/analysis-of-the-joomla-php-object-injection-vulnerability

x_refsource_MISC

http://karmainsecurity.com/KIS-2013-03

x_refsource_MISC

joomla-search-information-disclosure(81925)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.