Frontpage

Newsletter & Updates

I am totally relaxed!

Because I know Joomlamonitor is working for me. Whenever my website is down, I get an instant alert (and a copy goes to my web-host too!)
Do you wanna try?

Website Monitoring

You should monitor your sites at frequent intervals for downtimes. Joomlamonitor is our service that does just that, automatically. You will receive emails and SMS when your site is down.

Get Joomla Support Now. Simple, Fast and Trustworthy. Ask > Get Response > Pay > Get the work done!

[20090722] - Core - Missing JEXEC Check

Project: Joomla!
SubProject: Framework
Severity: Moderate
Versions: 1.5.12 and all previous 1.5 releases
Exploit type: Path Disclosure
Reported Date: 2009-July-21
Fixed Date: 2009-July-22

Description

Some files were missing the check for JEXEC. These scripts will then expose internal path information of the host.

Affected Installs

All 1.5.x installs prior to and including 1.5.12 are affected.

Solution

Upgrade to latest Joomla! version (1.5.13 or newer).

Reported by Juan Galiana Lara (Internet Security Auditors)

Contact

The JSST at the Joomla! Security Center.

Read full...

Author:

< Prev

More Articles in This Category
[20090603] - Core - Frontend XSS [20090602] - Core - ja_purity XSS [20090606] - Core - Missing JEXEC Check [20090601] - Core - com_users XSS [20090302] - Core - com_content XSS	[20091103] - Core - XML File Read Issue [20090604] - Core - Frontend XSS - HTTP_REFERER not properly filtered [20090605] - Core - Frontend XSS - PHP_SELF not properly filtered [20090722] - Core - Missing JEXEC Check [20090723] - Core - com_mailto Timeout Issue