Info

Disclosure

Dec 27, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 1.5 RC4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Open Source Matters, Inc.	Joomla!	1.0.13
		1.5 RC3
		1.5 RC4

References

Security Tracker: 1019145
CVE ID: 2007-6642 (see also: NVD)
Bugtraq ID: 28111
Secunia Advisory ID: 28219 29257
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-12/0360.html
http://archives.neohapsis.com/archives/bugtraq/2008-01/0088.html
http://archives.neohapsis.com/archives/bugtraq/2008-01/0089.html
http://archives.neohapsis.com/archives/bugtraq/2008-03/0017.html
Other Advisory URL: http://blog.phil-taylor.com/2008/01/02/joomla-1013-contains-a-csrf-vulnerbility/
http://securityreason.com/securityalert/3505
http://www.hackerscenter.com/archive/view.asp?id=28138
http://www.joomla.org/content/view/4335/116/ [ Link is 404 ]
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:060
Vendor Specific News/Changelog Entry: http://forum.joomla.org/index.php/topic,248109.msg1136076.html#msg1136076
http://joomlacode.org/gf/project/joom...ckerItemEdit&tracker_item_id=7358
Packet Storm: http://packetstormsecurity.org/0712-advisories/joomla-csrf.txt

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/41263

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Open Source Matters, Inc.

Joomla!

References

Credit