• Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.0.0 through 3.4.1
  • Exploit type: Open Redirect
  • Reported Date: 2015-April-08
  • Fixed Date: 2015-June-30
  • CVE Number: CVE-2015-5608

Description

Inadequate checking of the return value allowed to redirect to an external page.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.4.1

Solution

Upgrade to version 3.4.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Eric Flokstra, Sharath Unni and Steven Sweeting