Joomla! "com_mailto" Timeout Bypass

SECUNIA ADVISORY ID:
SA36097

VERIFY ADVISORY:
http://secunia.com/advisories/36097/

DESCRIPTION:
A weakness has been reported in Joomla!, which can be exploited by
malicious people to bypass certain restrictions.

The weakness is caused due to an error in the handling of timeouts in
the "com_mailto" component and can be exploited to send emails via the
component without timeout restrictions.

The weakness is reported in versions prior to 1.5.14.

SOLUTION:
Update to version 1.5.14.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits WHK and Gergo Erdosi

ORIGINAL ADVISORY:
http://developer.joomla.org/security/news/303-20090723-core-com-mailto-timeout-issue.html

RECENT ARTICLE

RECENT POST