Joomla! is one of the most used free and open-source content management systems. Joomla! was first introduced to publish web content. This software was developed by Open Source Matters, Inc and was built on the base of the model–view–controller web application framework. There are servers using Joomla! that have failed to Implement identification and verification requirements. This misconfiguration corresponds to the security requirements of the information that the credentials protect and might lead to an attacker to register, access and make changes to the application’s server. This attack can lead to major issues like sensitive information leakage, elevated privileges attack and many more. Joomla had a vulnerable function register() that allowed an attacker to change $data to send the attacker’s request as an administrator’s request.
Impact
The impact include:-
- Losing server integrity
- Possible data loss
Mitigation / Precaution
Beagle recommends the following fixes:-
- Make sure to Upgrade Joomla! to the latest version.
