Infesting you with Virus News
 

News

Contributed by: Lauren Gerber
Date: July 23, 2009
Lauren Gerber
1
Vote
0

Escaping The Joomla Dangers!
 

I know that, in this day and age, many people need a website for their business. There is one problem though, not every business person knows how to get one. Joomla could potentially be the answer to this common problem, and to top it off, it is very user friendly. Joomla is open source so you won't need to pay any money, which means you have nothing to lose by giving it a try. The only real risk with regard to Joomla right now is that a vulnerability was recently discovered in it.JOOMLA.png

You may be wondering why this vulnerability exists. This vulnerability exists due to a certain TINYMCE editor, which includes a tiny browser plugin.This, enables the uploading of files without authentication. If attackers manage to successfully exploit this weakness then it is highly likely that these online attackers will be able to upload files with multiple extensions as well as execute arbitrary PHP code.

There is also an issue that exists which is related to files which are missing. The missing files check for JEXEC and unfortunately, run the risk of being exploited by malicious online attackers. If this is exploited in the correct manner, malicious online attackers can obtain confidential internal patch information.

Joomla is a wonderful content management system that is literally able to keep track of all the content on your web site. You can upload pictures and music fairly easily without much trouble. One of the great aspects with regard to using Joomla is that if you use it to make a web site for a client, the client is then able to edit information on the backend of the system very easily. Joomla will work with whatever browser you are using with the inclusion of Windows 6. Some of the files of Windows 6 include: A2P.EXE browmon.exe, CAT.EXE, clxtshar.dll as well as creatfil.exe.

Some things people use Joomla for:
Government applications.
School and church Web sites.
Online magazines, newspapers,and publications.
Corporate Web sites or portals.
Small business Web sites.

Table 1. Different uses of Joomla

So which versions are affected? This vulnerability has been confirmed in version 1.5.12. The weakness has also been reported in all 1.5.12 versions as well as all the previous 1.5.x versions. The solution is for all Joomla users, who are currently making use of the insecure versions, to update to the 1.5.13 version immediately.

Resources:
Get started with Joomla
Missing JEXEC Check
Core - File Upload
Details on Joomla

User Comments

Name:
Email:
Website:
Comment:
Please type 5-digit security code below:
Captcha image for spam protection

Featured Videos

Registry Tutorials
From: PC1News Videos
Added: June 13, 2009
more videos

Software Downloads

SpyHunter V.3
Free Spyhunter Scanner (Spyware/Trojan Detection). DETECT Spyware, Trojans, Worms, Viruses and malware on your PC absolutely FREE.
Download now
Registry Mechanic 8
Award Winning software, Fixes registry and improves computer performance. Created by a division of Symantec, this tool will scan your registry and find errors that can be later cleaned either individually or all together.
Download now
SpywareBlaster 4.1
The tool is used to prevent the installation of spyware and other potentially unwanted software. As soon as you download it, you will be able to protect your system.
Download now

Latest Comments

vpshellres.dll
March 15, 2010
vpshellres dll fix tool more..
AcroPro.msi
March 15, 2010
nice more..
Worm.Win32.P2P- .. Worm.Palevo.ki
March 14, 2010
Hey i just got P2P-Worm.Win32. .. rm.Win32.Palevovirus on my laptop and i dont know how to remove it... more..
more comments..
rss
Home | Files | Programs | Latest Comments | About us | Privacy Policy | Contributors | Contact Us
© 2008 - 2010 pc1news.com - All rights reserved.
Home  Tips  Downloads Videos Virus List Vulnerabilities
Home > Computer Security > Escaping The Joomla Dangers!