Vulnerability Description
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joomla | Joomla! | 2.5.0 |
References
- http://developer.joomla.org/security/news/548-20130201-core-information-disclosu (Vendor Advisory)
- http://karmainsecurity.com/KIS-2013-03
- http://karmainsecurity.com/analysis-of-the-joomla-php-object-injection-vulnerabi (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81925
FAQ
What is CVE-2013-1453?
CVE-2013-1453 is a vulnerability with a CVSS score of 7.5 (HIGH). plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary di...
How severe is CVE-2013-1453?
CVE-2013-1453 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-1453?
Check the references section above for vendor advisories and patch information. Affected products include: Joomla Joomla!.