Vulnerabilities in search function of Joomla! 1.5 beta 2
An advisory by SEC Consult describes a vulnerability in the search function of Joomla! 1.5 beta 2, the second beta of the popular content management system (CMS), that allows the execution of arbitrary PHP commands, including operating system commands (via system() calls). SEC Consult have informed the Joomla! developers, and a patched Joomla! 1.5 RC1 update is now available to download.
While earlier beta versions of Joomla! 1.5 have not been tested and might also contain the bug, the stable Joomla! 1.0.x version is not affected.
- SEC Consult advisory SA-20070722-0 at Full-Disclosure
- Joomla 1.5 Core RC 1, download at joomlacode.org