Joomla!.com_user.Password.Reset
Description
This indicates an attack attempt against a remote token-injection vulnerability in Joomla.
A vulnerability has been reported in Joomla that may allow an attacker to reset the administrator password of the vulnerable web application. This is possible because the user input filters fail to properly sanitize the token parameter value that is passed to "components/com_user/models/reset.php". An attacker may reset the administrator's password by sending a malformed POST request.
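A defender-side check for the request pattern described above, as an added example that is not part of the original advisory or of Joomla's code: it flags POST requests to com_user whose token parameter is not well formed. The 32-character alphanumeric token format, the function names and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: a well-formed reset token is exactly 32 alphanumeric characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9]{32}")

def parse_params(url, body):
    """Merge query-string and form-body parameters, keeping repeated values."""
    params = {}
    for source in (urlsplit(url).query, body):
        for key, values in parse_qs(source, keep_blank_values=True).items():
            # Treat array-style names such as "token[]" as the base name.
            params.setdefault(key.split("[")[0], []).extend(values)
    return params

def check_request(method, url, body):
    """Return a finding string for a suspicious request, else None."""
    if method.upper() != "POST":
        return None
    params = parse_params(url, body)
    if "com_user" not in params.get("option", []):
        return None
    tokens = params.get("token")
    if tokens is None:
        return None
    if len(tokens) > 1:
        return "duplicate token parameter"
    if not TOKEN_RE.fullmatch(tokens[0]):
        return "malformed token (length %d)" % len(tokens[0])
    return None

def scan(records):
    """Return (index, finding) for every flagged (method, url, body) record."""
    hits = []
    for i, (method, url, body) in enumerate(records):
        finding = check_request(method, url, body)
        if finding:
            hits.append((i, finding))
    return hits

# Constructed sample requests as (method, url, form body); not real traffic.
SAMPLE = [
    ("POST", "/index.php?option=com_user", "token=" + "a1" * 16),
    ("POST", "/index.php?option=com_user", "token=%3Cnot-a-token%3E"),
    ("POST", "/index.php", "option=com_user&token="),
    ("GET", "/index.php?option=com_user&token=x", ""),
    ("POST", "/index.php?option=com_content", "token=x"),
]

if __name__ == "__main__":
    for index, finding in scan(SAMPLE):
        print(index, finding)
```

The check needs request bodies, so it fits a reverse proxy or WAF log that records POST parameters rather than a plain access log.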
Affected Products
Joomla Joomla 1.5.5
Joomla Joomla 1.5.4
Joomla Joomla 1.5.3
Joomla Joomla 1.5.2
Joomla Joomla 1.5.1
Joomla Joomla 1.5
Joomla Joomla 1.5.0 Beta
Joomla Joomla 1.5 RC3
Joomla Joomla 1.5 RC2
Joomla Joomla 1.5 RC1
Joomla Joomla 1.5 Beta 2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to Joomla 1.5.6, which is available at the following web site:
http://joomlacode.org/gf/download/frsrelease/8232/30034/Joomla_1.5.6-Stable-Full_Package.zip
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-02-01 | 14.540 | Name:Joomla.Com.User.Component.Password.Reset:Joomla!.com_user.Password.Reset |