Urgent Joomla Update: Addressing the High-Risk CVEs Exploitable for Arbitrary Code Execution
In a recent revelation, Joomla, the popular content management system (CMS), has been found susceptible to five critical vulnerabilities, each posing a severe risk of arbitrary code execution on compromised websites. These vulnerabilities, impacting multiple versions of Joomla, have prompted immediate action from the vendor, resulting in fixes included in versions 5.0.3 and 4.4.3 of the CMS.
Outlined by their respective Common Vulnerabilities and Exposures (CVE) identifiers, the vulnerabilities are as follows:
- CVE-2024-21722: Failure to properly terminate existing user sessions when modifying multi-factor authentication (MFA) methods.
- CVE-2024-21723: Insufficient URL parsing leading to potential open redirects.
- CVE-2024-21724: Inadequate input validation for media selection fields resulting in cross-site scripting (XSS) vulnerabilities across various extensions.
- CVE-2024-21725: Insufficient escaping of email addresses leading to XSS vulnerabilities in multiple components.
- CVE-2024-21726: Deficient content filtering within the core filter component, culminating in multiple XSS vulnerabilities.
See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses
Of these vulnerabilities, CVE-2024-21725 has been highlighted by Joomla’s advisory as the most severe, with a high probability of exploitation.
Additionally, CVE-2024-21726, categorized as an XSS flaw within Joomla’s core filter component, presents a moderate severity risk. However, vulnerability researcher Stefan Schiller from Sonar warns that it could still facilitate remote code execution, amplifying its threat potential.
Schiller explains, “Attackers can leverage the issue to gain remote code execution by tricking an administrator into clicking on a malicious link.”
Trending: Major Cyber Attacks that shaped 2023
Trending: Offensive Security Tool: SmuggleFuzz