Joomla! Multiple Information Disclosure Vulnerabilities

SECUNIA ADVISORY ID:
SA47847

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47847/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47847

RELEASE DATE:
2012-02-03

DESCRIPTION:
A weakness and two vulnerabilities have been reported in Joomla!,
which can be exploited by malicious users and malicious people to
disclose sensitive information.

1) Certain unspecified input passed to the "administrator" section is
not properly verified before being used and can be exploited to
disclose sensitive information.

2) An unspecified error can be exploited to disclose the error log.

NOTE: This vulnerability only affects the 1.7.x versions.

3) Certain unspecified input passed to the "administrator" section is
not properly verified before being used and can be exploited to
disclose a path.

The weakness and the vulnerabilities are reported in versions 1.7.0
through 1.7.4 and versions prior to 2.5.1.

SOLUTION:
Update to version 1.7.5 or version 2.5.1.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1, 3) Jakub Galczyk
2) Alain Rivest

ORIGINAL ADVISORY:
Joomla! 1.7.5:
http://www.joomla.org/announcements/release-news/5411-joomla-175-released.html

Joomla! 2.5.1:
http://www.joomla.org/announcements/release-news/5410-joomla-251-released.html

Vulnerabilities:
http://developer.joomla.org/security/news/387-20120201-core-information-disclosure
http://developer.joomla.org/security/news/388-20120202-core-information-disclosure
http://developer.joomla.org/security/news/389-20120203-core-information-disclosure