In association with heise online

23 July 2007, 08:42

Vulnerabilities in search function of Joomla! 1.5 beta 2

An advisory by SEC Consult describes a vulnerability in the search function of beta version 2 of the popular Joomla! content management system (CMS) that allows the execution of arbitrary PHP commands, including operating system commands (via system() calls). SEC Consult have informed the Joomla! developers, and a patched Joomla! 1.5 RC1 update is now available to download.

While earlier beta versions of Joomla! 1.5 have not been tested and might also contain the bug, the stable Joomla! 1.0.x version is not affected.

The vendor does not recommend the use of Joomla! 1.5 in operational systems, but advises users instead to use the stable version Joomla! 1.0.x (the latest version is version 1.0.13).
