Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-3242 โ€” Improper Input Validation in Joomla !

CWE-20 โ€” Improper Input Validation4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 61.04%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Joomla !
Timeline
PublishedMay 3
Latest updateMay 17

Description

plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 8.0 | Impact: 4.9

Affected Packages1 packages

โ–ถNVDjoomla/joomla_!14 versions+13

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-pwhw-p972-gp85: plugins/system/remember/rememberโ†—2022-05-17
โ–ถ
CVEList
CVE-2013-3242: plugins/system/remember/rememberโ†—2013-05-03
โ–ถ

๐Ÿ’ฅExploits & PoCs

1
Exploit-DB
Joomla! 3.0.3 - 'remember.php' PHP Object Injectionโ†—2013-04-26
โ–ถ
CVE-2013-3242 โ€” Improper Input Validation in Joomla ! | cvebase