CVE-2008-4105 - Vulnerability Details - OpenCVE

JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Joomla	Joomla

Configuration 1 [-]

OR	cpe:2.3:a:joomla:joomla:1.5:::::::*
	cpe:2.3:a:joomla:joomla:1.5.1:::::::*
	cpe:2.3:a:joomla:joomla:1.5.2:::::::*
	cpe:2.3:a:joomla:joomla:1.5.3:::::::*
	cpe:2.3:a:joomla:joomla:1.5.4:::::::*
	cpe:2.3:a:joomla:joomla:1.5.5:::::::*
	cpe:2.3:a:joomla:joomla:1.5.6:::::::*

No data.

References

Link	Providers
http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html
http://marc.info/?l=oss-security&m=122115344915232&w=2
http://marc.info/?l=oss-security&m=122118210029084&w=2
http://marc.info/?l=oss-security&m=122152798516853&w=2
http://secunia.com/advisories/31789
http://securityreason.com/securityalert/4275
http://securitytracker.com/id?1020843
https://exchange.xforce.ibmcloud.com/vulnerabilities/45069

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-18T17:47:00

Updated: 2024-08-07T10:00:42.951Z

Reserved: 2008-09-15T00:00:00

Link: CVE-2008-4105

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-09-18T17:59:32.983

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-4105

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-09T00:00:00", "descriptions": [{"lang": "en", "value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20080916 Re: CVE request: joomla < 1.5.7", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=122152798516853&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"}, {"name": "31789", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31789"}, {"name": "[oss-security] 20080911 CVE request: joomla < 1.5.7", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=122115344915232&w=2"}, {"name": "4275", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4275"}, {"name": "joomla-jrequest-command-execution(45069)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"}, {"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=122118210029084&w=2"}, {"name": "1020843", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1020843"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4105", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20080916 Re: CVE request: joomla < 1.5.7", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=122152798516853&w=2"}, {"name": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html", "refsource": "CONFIRM", "url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"}, {"name": "31789", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31789"}, {"name": "[oss-security] 20080911 CVE request: joomla < 1.5.7", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=122115344915232&w=2"}, {"name": "4275", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4275"}, {"name": "joomla-jrequest-command-execution(45069)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"}, {"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=122118210029084&w=2"}, {"name": "1020843", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1020843"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:00:42.951Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20080916 Re: CVE request: joomla < 1.5.7", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=122152798516853&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"}, {"name": "31789", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31789"}, {"name": "[oss-security] 20080911 CVE request: joomla < 1.5.7", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=122115344915232&w=2"}, {"name": "4275", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4275"}, {"name": "joomla-jrequest-command-execution(45069)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"}, {"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=122118210029084&w=2"}, {"name": "1020843", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1020843"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4105", "datePublished": "2008-09-18T17:47:00", "dateReserved": "2008-09-15T00:00:00", "dateUpdated": "2024-08-07T10:00:42.951Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "2017D307-89B3-4D94-A266-C7D8D45960A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "8CCDBF4D-A797-4828-A084-8C775FA94BDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB1B7CF2-B717-4F37-A923-0E188FF3C47F", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CBA35EF1-1F8C-4AEA-89A0-3C1DD2DFBFE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "3333C204-A022-4B53-B61F-3C5601F21FC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "F2752717-AA95-4398-8091-24FD5925C4F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:joomla:joomla:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "F7B3B3FB-E67D-4D9A-BE01-855FA2545772", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct \"variable injection\" attacks and have unspecified other impact."}, {"lang": "es", "value": "JRequest en Joomla! 1.5 y versiones anteriores a 1.5.7 limpia correctamente variable establecidas con JRequest::setVar, el cual permite a los atacante remotos realizar un ataque de \"inyecci\u00f3n de variable\" y tiene otras consecuencias no especificadas."}], "id": "CVE-2008-4105", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-18T17:59:32.983", "references": [{"source": "cve@mitre.org", "url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=122115344915232&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=122118210029084&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=122152798516853&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31789"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4275"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1020843"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://developer.joomla.org/security/news/271-20080901-core-jrequest-variable-injection.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=122115344915232&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=122118210029084&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=122152798516853&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31789"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4275"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1020843"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45069"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}