Vigil@nce - Joomla: information disclosure
February 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use three vulnerabilities of Joomla, in order to
obtain information.
– Impacted products: Joomla
– Severity: 2/4
– Creation date: 05/02/2013
DESCRIPTION OF THE VULNERABILITY
Three vulnerabilities were announced in Joomla.
An attacker can use a special query, which is incorrectly encoded,
in order to obtain information. [severity:2/4; 20130201,
BID-57746, CVE-2013-1453]
A variable is not initialized, so an attacker can obtain
information. [severity:2/4; 20130202, BID-57751, CVE-2013-1455]
An unknown error allows an attacker to obtain information.
[severity:2/4; 20130203, BID-57752, CVE-2013-1454]
An attacker can therefore use three vulnerabilities of Joomla, in
order to obtain information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Joomla-information-disclosure-12372