Public Forums 71,145 posts

[stevegoodall Friend stevegoodallJoin date: October 2010Posts: 25Downloads:0Uploads:0 Thanks: 5]

#180915

Hi

One of my Joomla sites has recently been penetration tested. The site uses a JA template running T3 and has been updated to version 2.5.7 of Joomla.

A critical vulnerability in the jat3file parameter was discovered which allows access to the site config file and opens the site to exploitation.

A quick check on Google also highlights this flaw here:
http://osvdb.org/81180

Are you aware of this vulnerability, and is there anything that can be done to correct it?

Thanks

Steve

[Ninja Lead Moderator Ninja LeadJoin date: November 2014Posts: 16064Downloads:310Uploads:2864 Thanks: 341 Thanked: 3854 times in 3563 posts]

#468087

Hi Steve,

Thanks for your contacting to us. I could not access the link your post above. Please help me clear about:

+ What JAT3 version did you use on your site.
+ About critical vulnerability in the jat3file parameter was discovered? -> you can send me the screenshot?

Regards

[stevegoodall Friend stevegoodallJoin date: October 2010Posts: 25Downloads:0Uploads:0 Thanks: 5]

#468117

Hi Ninja

Thanks for responding. I’ve sent you a PM with further info. The version of JA T3 I am using on the site is: v2.5.2.

[Ninja Lead Moderator Ninja LeadJoin date: November 2014Posts: 16064Downloads:310Uploads:2864 Thanks: 341 Thanked: 3854 times in 3563 posts]

#468202

<em>@stevegoodall 339690 wrote:</em><blockquote>Hi Ninja

Thanks for responding. I’ve sent you a PM with further info. The version of JA T3 I am using on the site is: v2.5.2.</blockquote>

I received your PM but there is no info regarding URL, admin acess and FTP account. Please send me then i will help you check it.

[Author]

Posts