Security Centre

There is always a great deal of Joomla! development activity underway and communicating with other developers in the community is essential. This site is a resource for anyone looking to build or maintain software based on the Joomla! platform.

Where to Start

Download Documentation Support Report an Issue Volunteer Roadmap

Review Tracker Volunteer Activity Volunteer Report New Issue Roadmap

Download Documentation Support Report an Issue Contribute Roadmap

Project: Joomla!
SubProject: com_mailto
Severity: Low
Versions: 1.5.6 and all previous 1.5 releases
Exploit type: Email Spam
Reported Date: 2008-August-29
Fixed Date: 2008-September-9

Description

The mailto component does not verify validity of the URL prior to sending.

Affected Installs

All 1.5.x installs prior to and including 1.5.6 are affected.

Solution

Upgrade to latest Joomla! version (1.5.7 or newer).

Contact

The JSST at the Joomla! Security Center.

Reported By: Phil Taylor

Project: Joomla!
SubProject: Multiple
Severity: Low
Versions: 1.5.6 and all previous 1.5 releases
Exploit type: Redirect Spam
Reported Date: 2008-August-26
Fixed Date: 2008-September-9

Description

Several components utilize a passed in URL to redirect to after processing. These URLs are not validated prior to the redirect. A crafted URL can cause the system to redirect to a spam or phishing site.

3PD Concerns

3pd extensions should validate all redirects (where the URL cannot be trusted) using the new JURI method isInternal($url). JURI::isInternal($url) will return true if the passed in url is a url on the same host as Joomla, or false if it is not. JURI::isInternal($url) was not available prior to 1.5.7.

Affected Installs

All 1.5.x installs prior to and including 1.5.6 are affected.

Solution

Upgrade to latest Joomla! version (1.5.7 or newer).

Contact

The JSST at the Joomla! Security Centre.

Reported By: Emanuele Gentili

Project: Joomla!
SubProject: libraries
Severity: Critical
Versions: 1.5.6 and all previous 1.5 releases
Exploit type: Variable Injection
Reported Date: 2008-September-7
Fixed Date: 2008-September-9

Description

A flaw in JRequest exists where variables set with JRequest::setVar are not cleaned when fetching the variable at a later point in the request. This can result in variable injection (unwanted characters injected into returned data).

3PD Concerns

3PD extensions which use JRequest do not need to change anything for proper function.

Affected Installs

All 1.5.x installs prior to and including 1.5.6 are affected.

Solution

Upgrade to latest Joomla! version (1.5.7 or newer).

Contact

The JSST at the Joomla! Security Centre.

Reported By: Joomla! Development Coordinator Andrew Eddie

Developer Network™

Where to Start

[20080903] - Core - com_mailto Spam

Description

Affected Installs

Solution

Contact

[20080904] - Core - Redirect Spam

Description

3PD Concerns

Affected Installs

Solution

Contact

[20080901] - Core - JRequest Variable Injection

Description

3PD Concerns

Affected Installs

Solution

Contact