Joomla! is one of the most widely used free and open-source content management systems. Joomla is a product of Open Source Matters Inc., created for publishing web content, and it is built on the model–view–controller web application pattern. Many servers run Joomla with debugging mode enabled. This setting lets any user view system information, which is a serious security vulnerability: an attacker can easily use it to access sensitive information and, in the worst case, take control of the whole system. Debugging Mode in Joomla is used to see details of how Joomla renders the application it is enabled on. If this feature is not disabled, an attacker can use it to get session data and other sensitive information about the application.
Impact
Using this vulnerability, an attacker can:-
- leak sensitive information about the server.
- access user’s session data.
- extract profile information about the users.
- access the memory usage along with database queries used in the application.
Mitigation / Precaution
Beagle recommends the following fixes:-
- Upgrade Joomla! to the latest version if you can’t find the debug mode setting.
- Follow these steps to disable debug mode in Joomla:-
- Log into your Joomla 3.0 control panel.
- In the left menu in your control panel, click the Global Configuration link.
- You will find many settings listed on the top of the control panel. Click the System tab.
- Under Debug Settings, set Debug System to No, then click the Save button at the top left of the page.
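The Global Configuration screen writes its settings to Joomla's configuration.php, where Debug System is stored as the `$debug` property of the `JConfig` class. The following audit check is an added example, not code from Beagle Security or the Joomla project; it parses a constructed sample of that file so a defender can confirm from the filesystem that debug mode is off after following the steps above.

```python
import re
from pathlib import Path
from typing import List, Optional

# Constructed sample of a Joomla configuration.php with debug mode still on.
# Joomla stores the Global Configuration values as public properties of JConfig.
SAMPLE_CONFIG = """<?php
class JConfig {
    public $sitename = 'Example Site';
    public $debug = '1';
    public $debug_lang = '0';
}
"""

# Matches "public $debug = '1';", "$debug = 1;" or "$debug = false;".
# The \b after "debug" keeps $debug_lang (language debugging) from matching.
DEBUG_RE = re.compile(r"\$debug\b\s*=\s*['\"]?([A-Za-z0-9]*)['\"]?\s*;")


def debug_mode_enabled(config_text: str) -> Optional[bool]:
    """Return True if $debug is enabled, False if disabled, None if absent."""
    match = DEBUG_RE.search(config_text)
    if match is None:
        return None
    # Joomla treats '0', false and an empty value as "Debug System: No".
    return match.group(1).lower() not in ("0", "false", "")


def audit(config_text: str) -> List[str]:
    """Produce human-readable findings for the Debug System setting."""
    findings = []
    state = debug_mode_enabled(config_text)
    if state is None:
        findings.append("debug: $debug not set in configuration.php; "
                        "verify Debug System in Global Configuration > System")
    elif state:
        findings.append("debug: Debug System is ON; set it to No under "
                        "Global Configuration > System > Debug Settings")
    return findings


def audit_file(path: str) -> List[str]:
    """Audit a real configuration.php (path is an assumption for your install)."""
    return audit(Path(path).read_text(encoding="utf-8"))


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run `audit_file("/path/to/joomla/configuration.php")` against the site root to check a live installation; an empty result list means Debug System is off.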