Multiple Vulnerabilities in Joomla! Could Allow for Arbitrary Code Execution

Multiple Vulnerabilities in Joomla! Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2018-094

DATE(S) ISSUED:

08/29/2018

OVERVIEW:

Multiple vulnerabilities have been discovered in Joomla!, the most severe of which could allow for arbitrary code execution. Joomla! is an open source content management system for websites. Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.

THREAT INTELLIGENCE:

There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:

  • Joomla! CMS versions 1.5.0 through 3.8.11

RISK:

Government:

  • Large and medium government entities: HIGH

  • Small government entities: MEDIUM

Businesses:

  • Large and medium business entities: HIGH

  • Small business entities: MEDIUM

Home Users:

LOW

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Joomla!, the most severe of these which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

  • Inadequate checks regarding disabled fields can lead to an ACL violation (CVE-2018-15881)
  • Inadequate output filtering on the user profile page could lead to a stored XSS attack (CVE-2018-15880)
  • Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter (CVE-2018-15882)

Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.

RECOMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches provided by Joomla! to vulnerable systems immediately after appropriate testing.

  • Verify no unauthorized system modifications have occurred on system before applying the patch.

  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

REFERENCES:

Joomla!:

https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html
https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-vulnerability-in-the-frontend-profile.html
https://developer.joomla.org/security-centre/743-20180801-core-hardening-the-inputfilter-for-phar-stubs.html

GitHub::

https://github.com/pavlovt/db/blob/master/class/class.inputfilter.php

CVE::

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15882

More information
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-joomla-could-al…