Vulnerabilities > CVE-2013-1453 - Unspecified vulnerability in Joomla Joomla!

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

joomla

nessus

exploit available

NVD

Published: 2013-02-13

Updated: 2017-08-29

Summary

plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.

Vulnerable Configurations

Part	Description	Count
Application	Joomla Joomla Joomla! 2.5.0 Joomla Joomla! 2.5.1 Joomla Joomla! 2.5.2 Joomla Joomla! 2.5.3 Joomla Joomla! 2.5.4 Joomla Joomla! 2.5.5 Joomla Joomla! 2.5.6 Joomla Joomla! 2.5.7 Joomla Joomla! 2.5.8 Joomla Joomla! 3.0.0 Joomla Joomla! 3.0.1 Joomla Joomla! 3.0.2	12

Exploit-Db

description	Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability. CVE-2013-1453. Webapps exploit for php platform
id	EDB-ID:24551
last seen	2016-02-02
modified	2013-02-27
published	2013-02-27
reporter	EgiX
source	https://www.exploit-db.com/download/24551/
title	Joomla! <= 3.0.2 highlight.php PHP Object Injection Vulnerability

Nessus

NASL family	CGI abuses
NASL id	JOOMLA_259.NASL
description	According to its self-reported version number, the Joomla! installation running on the remote web server is 2.5.x prior to 2.5.9 or 3.0.x prior to 3.0.3. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the highlight.php script, within the PlgSystemHighlight::onAfterDispatch() function, due to improper sanitization of input passed via the
last seen	2020-06-01
modified	2020-06-02
plugin id	64634
published	2013-02-14
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/64634
title	Joomla! 2.5.x < 2.5.9 / 3.0.x < 3.0.3 Multiple Vulnerabilities

Packetstorm

data source	https://packetstormsecurity.com/files/download/120561/joomla302-inject.txt
id	PACKETSTORM:120561
last seen	2016-12-05
published	2013-02-27
reporter	EgiX
source	https://packetstormsecurity.com/files/120561/Joomla-3.0.2-PHP-Object-Injection.html
title	Joomla! 3.0.2 PHP Object Injection

Seebug

bulletinFamily	exploit
description	No description provided by source.
id	SSV:78253
last seen	2017-11-19
modified	2014-07-01
published	2014-07-01
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-78253
title	Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Packetstorm

Seebug

References