Joomla Third-Party Plugins Multiple Vulnerabilities


Description   (#Several vulnerabilities have been identified in third-party plugins for Joomla:#- Kunena: information disclosure#- JobGrokApp: SQL injection#- Availcal: SQL injection#- Joomdoc: full path disclosure#- Maqmahelpdesk: cross-site scripting#- Affiliate Tracker com_affiliatetracker: SQL injection#- Pay Plans: SQL injection#- Catfiltering: SQL injection#- Jumi: cross-site scripting#- Enmasse: SQL injection#- com_bt_media: SQL injection#- Universal AJAX Live Search: inadequate permissions#- SmartFormer: file upload##Proof of concepts are available.)
     
Vulnerable Products   Vulnerable Software:
Joomla (OSM Development Team) -
     
Solution   - SmartFormer: 2.4.1 (J1.5 security fix)
     
CVE  
     
References   - Joomla : kunena,4.0.10,Information Disclosure
https://vel.joomla.org/live-vel/1846-kunena-4-0-10-information-disclosure
- 0day : Joomla JobGrokApp 3.1-1.2.55 SQL Injection Vulnerability
http://0day.today/exploit/25430
- 0day : Joomla com_availcal - SQL Injection Vulnerability
http://0day.today/exploit/25433
- 0day : Joomla com_joomdoc - Full Path Disclosure Vulnerability
http://0day.today/exploit/25437
- cxsecurity : Joomla com_maqmahelpdesk - XSS Vulnerability
https://cxsecurity.com/issue/WLB-2016060075
- 0day : Joomla Affiliate Tracker com_affiliatetracker - SQL Injection Vulnerability
http://0day.today/exploit/25470
- Packetstormsecurity : Joomla Pay Plans 3.3.6 SQL Injection
https://packetstormsecurity.com/files/137434/joomlapayplans-sql.txt
- Packetstormsecurity : Joomla Catfiltering 1.5.4 SQL Injection
https://packetstormsecurity.com/files/137468/joomlacatfiltering-sql.txt
- cxsecurity : Joomla Jumi 3.0.5 Cross Site Scripting
https://cxsecurity.com/issue/WLB-2016060026
- bugtraq : Joomla com_enmasse - SQL Injection
http://seclists.org/bugtraq/2016/Jun/62
- cxsecurity : Joomla com_bt_media - SQL Injection
https://cxsecurity.com/issue/WLB-2016060144
- Joomla : Universal AJAX Live Search, 5.4.0, Other
https://vel.joomla.org/live-vel/1851-universal-ajax-live-search-5-4-0-other
- Packetstormsecurity : Joomla SmartFormer 2.4.1 Shell Upload
https://packetstormsecurity.com/files/137730/joomlasmartformer-shell.txt
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
SQL injection Prevention - GET : suspicious OR statement in URL
3.2.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL
3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL
3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL
3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL
3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL
3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL
3.2.0
SQL injection Prevention - GET : possible database version probing
3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL
3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL
3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL
3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL
3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL
3.2.0
SQL injection Prevention - GET : block comment delimiters in URL
3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data
5.0.0
XSS - Prevention - POST : javascript code found in data
5.0.0
XSS - Prevention - POST : suspicious tag with event found in data
5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data
5.0.0
XSS - Prevention - POST : 'location' javascript object found in data
5.0.0
Upload of a PHP file in a vulnerable web application
5.0.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL
5.0.0
XSS - Prevention - POST : code allowing cookie access found in data
5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements
5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement
5.0.0
XSS - Prevention - POST : 'script' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data
5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data
5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data
5.0.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2016-06-07 

 Target Type 
Server 

 Possible exploit 
Remote