virus logo Intrusion Prevention

Joomla!.searchword.Parameter.Process.Code.Injection

description-logoDescription

This indicates an attempt to exploit a code injection vulnerability in the Joomla! Search component.
The vulnerability is caused by the application's failure to validate the "searchword" parameter in the "components/com_search/views/search/tmpl/default_results.php" and "templates/beez/html/com_search/search/default_results.php" scripts. It allows remote attackers to execute arbitrary php code by sending a malicious request.

affected-products-logoAffected Products

Joomla version 1.5 beta 2 and prior.

Impact logoImpact

System compromise: remote code execution.

recomended-action-logoRecommended Actions

Upgrade to the latest version, available from the Web site.
http://joomlacode.org/gf/project/joomla/frs/?action=FrsReleaseBrowse&frs_package_id=2622

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-02-01 14.540 Name:Joomla.
searchword.
Parameter.
Process.
Code.
Injection:Joomla!.
searchword.
Parameter.
Process.
Code.
Injection
ID 15090
Created Jan 24, 2008
Updated Aug 29, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2007-4187
Exploit Prediction Score 2.4%
Default Action pass
Active
Affected OS Windows, Linux, BSD, Solaris, MacOS
Affected App PHP_app