In association with heise online

11 September 2008, 10:08

Four vulnerabilities in Joomla eliminated


Joomla 1.5.7 "Wovusani" has been released by the Joomla developers, closing four security problems. According to the Joomla Security Centre, the most critical flaw was a hole in JRequest, where variables set with JRequest::setVar were not sanitised when being retrieved later. They also listed a high severity issue with the random number generation within Joomla, which made it easier for a brute force attack to guess generated tokens and passwords.

Two low severity flaws were also fixed: one allowed unvalidated URLs to be passed to the mailto component, and the other allowed unvalidated URLs to be used in redirection. The Joomla developers recommend upgrading to Joomla 1.5.7, which also fixes a number of non-security bugs.

(djwm)

Permalink: http://h-online.com/-737259
 

