Joomla! Information Disclosure and Security Bypass Vulnerabilities

SECUNIA ADVISORY ID:
SA49605

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49605/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49605

RELEASE DATE:
2012-06-19

DESCRIPTION:
Two vulnerabilities have been reported in Joomla!, which can be
exploited by malicious users to bypass certain security restrictions
and by malicious people to disclose potentially sensitive
information.

1) An error due to the application not properly filtering certain
input can be exploited to disclose certain information via SQL
errors.

2) An unspecified error exists due to the application not properly
performing certain checks.

The vulnerabilities are reported in 2.5.x versions prior to 2.5.5.

SOLUTION:
Update to version 2.5.5.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Jakub Galczyk
2) Nils Rückmann

ORIGINAL ADVISORY:
http://www.joomla.org/announcements/release-news/5427-joomla-255-released.html
http://developer.joomla.org/security/news/470-20120601-core-privilege-escalation
http://developer.joomla.org/security/news/471-20120602-core-information-disclosure