CVE-2013-1453
Joomla! 3.0.2 - 'highlight.php' PHP Object Injection
- Severity Score:
- Exploit Likelihood:
- Affected Versions:
- Public Exploits: 2
- Exploited in Wild: -
- Decision: -
Descriptions
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.
Joomla! versions 3.0.2 and below suffer from a PHP object injection vulnerability in highlight.php.
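As an added defender-side example (not code from the page or from the Joomla project), the scanner below reads web-server access-log lines and flags requests whose highlight parameter decodes to a serialized PHP object rather than the serialized array of search terms the plugin expects. It assumes, as in the affected plugin, that the parameter is base64-encoded serialized PHP data; the log lines, addresses and class name are constructed.

```python
import base64
import re
from urllib.parse import parse_qs, quote, urlsplit

# Assumption: as in the affected plugin, the highlight parameter carries
# base64-encoded serialized PHP data. A legitimate value is a serialized array
# of search terms; the bug is that a serialized object ("O:") is accepted too.
def php_b64(php_serialized: str) -> str:
    return base64.b64encode(php_serialized.encode()).decode()
def highlight_url(value: str) -> str:
    return "/index.php?option=com_content&highlight=" + quote(value, safe="")

BENIGN_VALUE = php_b64('a:1:{i:0;s:6:"joomla";}')
OBJECT_VALUE = php_b64('O:9:"SomeClass":1:{s:4:"name";s:3:"foo";}')  # hypothetical class

# Constructed access-log lines (not real traffic), common log format.
SAMPLE_LOG = "\n".join([
    f'10.0.0.5 - - [27/Feb/2013:10:01:02 +0000] "GET {highlight_url(BENIGN_VALUE)} HTTP/1.1" 200 512',
    f'10.0.0.9 - - [27/Feb/2013:10:01:05 +0000] "GET {highlight_url(OBJECT_VALUE)} HTTP/1.1" 200 512',
    '10.0.0.7 - - [27/Feb/2013:10:01:09 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 512',
])
# Serialized object ("O:") or custom-serialized class ("C:") at a value position.
# A string value can contain the same text, so treat a hit as an alert to review.
OBJECT_TOKEN = re.compile(rb'(?:^|[;{])[OC]:\d+:"[^"]+":\d+:')
REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def decode_highlight(value: str):
    """Bytes the plugin would hand to unserialize(), or None if not valid base64."""
    try:
        return base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None

def classify_request(url: str) -> str:
    """Label one request URL: no-highlight, benign, malformed or object-injection."""
    qs = parse_qs(urlsplit(url).query)
    if "highlight" not in qs:
        return "no-highlight"
    for raw in qs["highlight"]:
        decoded = decode_highlight(raw)
        if decoded is None:
            return "malformed"
        if OBJECT_TOKEN.search(decoded):
            return "object-injection"
    return "benign"

def scan_log(text: str):
    """Return (client_ip, label) for every request line in the log text."""
    return [(line.split()[0], classify_request(m.group(1)))
            for line in text.splitlines() if (m := REQUEST_LINE.search(line))]
```

Feed real access logs to scan_log and review every object-injection hit; a malformed label is also worth a look, since the plugin's expected input is always valid base64.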
CVSS Scores
SSVC
- Decision: -
Timeline
- 2013-01-29 CVE Reserved
- 2013-02-13 CVE Published
- 2013-02-27 First Exploit
- 2023-05-19 EPSS Updated
- 2024-08-06 CVE Updated
- Exploited in Wild: -
- KEV Due Date: -
CWE
CAPEC
References (5)
URL | Tag | Source
---|---|---
http://karmainsecurity.com/KIS-2013-03 | X_refsource_misc |
https://exchange.xforce.ibmcloud.com/vulnerabilities/81925 | Vdb Entry |

URL | Date | SRC
---|---|---
https://www.exploit-db.com/exploits/24551 | 2013-02-27 |
http://karmainsecurity.com/analysis-of-the-joomla-php-object-injection-vulnerability | 2024-08-06 |

URL | Date | SRC
---|---|---
http://developer.joomla.org/security/news/548-20130201-core-information-disclosure.html | 2017-08-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Joomla | Joomla! | 2.5.0 | - | Affected
Joomla | Joomla! | 2.5.1 | - | Affected
Joomla | Joomla! | 2.5.2 | - | Affected
Joomla | Joomla! | 2.5.3 | - | Affected
Joomla | Joomla! | 2.5.4 | - | Affected
Joomla | Joomla! | 2.5.5 | - | Affected
Joomla | Joomla! | 2.5.6 | - | Affected
Joomla | Joomla! | 2.5.7 | - | Affected
Joomla | Joomla! | 2.5.8 | - | Affected
Joomla | Joomla! | 3.0.0 | - | Affected
Joomla | Joomla! | 3.0.1 | - | Affected
Joomla | Joomla! | 3.0.2 | - | Affected