Vulnerabilities > CVE-2013-1453 - Unspecified vulnerability in Joomla Joomla!
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 12 |
Exploit-Db
description | Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability. CVE-2013-1453. Webapps exploit for php platform |
id | EDB-ID:24551 |
last seen | 2016-02-02 |
modified | 2013-02-27 |
published | 2013-02-27 |
reporter | EgiX |
source | https://www.exploit-db.com/download/24551/ |
title | Joomla! <= 3.0.2 highlight.php PHP Object Injection Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | JOOMLA_259.NASL |
description | According to its self-reported version number, the Joomla! installation running on the remote web server is 2.5.x prior to 2.5.9 or 3.0.x prior to 3.0.3. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the highlight.php script, within the PlgSystemHighlight::onAfterDispatch() function, due to improper sanitization of input passed via the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 64634 |
published | 2013-02-14 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/64634 |
title | Joomla! 2.5.x < 2.5.9 / 3.0.x < 3.0.3 Multiple Vulnerabilities |
Packetstorm
data source | https://packetstormsecurity.com/files/download/120561/joomla302-inject.txt |
id | PACKETSTORM:120561 |
last seen | 2016-12-05 |
published | 2013-02-27 |
reporter | EgiX |
source | https://packetstormsecurity.com/files/120561/Joomla-3.0.2-PHP-Object-Injection.html |
title | Joomla! 3.0.2 PHP Object Injection |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:78253 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-78253 |
title | Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability |