| Name | Joomla.searchword.Parameter.Process.Code.Injection |
| Release Date | Jan 24, 2008 |
| Severity | High |
| Impact | System compromise: remote code execution. |
| Description | This indicates an attempt to exploit a code injection vulnerability in the Joomla! Search component.
The vulnerability is caused by the application's failure to validate the "searchword" parameter in the "components/com_search/views/search/tmpl/default_results.php" and "templates/beez/html/com_search/search/default_results.php" scripts. It allows remote attackers to execute arbitrary php code by sending a malicious request. |
| Affected Products | Joomla version 1.5 beta 2 and prior. |
| Recommended Actions | Upgrade to the latest version, available from the Web site.
http://joomlacode.org/gf/project/joomla/frs/?action=FrsReleaseBrowse&frs_package_id=2622 |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4187
|
| Reference/s | http://www.securityfocus.com/bid/26031 (BugTraq)
http://www.vupen.com/english/advisories/2007/2613 (FrSIRT)
http://www.securiteam.com/unixfocus/5PP0P0KM0O.html
|