Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
Sonar's Vulnerability Research Team discovered multiple XSS vulnerabilities in the popular Content Management System (CMS) Joomla. The issue, tracked as CVE-2024-21726, affects Joomla’s core filter component and can be exploited by attackers to gain remote code execution by tricking an administrator into clicking on a malicious link. The underlying PHP bug is an inconsistency in how PHP's mbstring functions handle invalid multibyte sequences. This issue was fixed with PHP versions 8.3 and 8.4, but not backported to older PHP versions. Joomla released version 5.0.3/4.4.3, which mitigates the vulnerability.
Company
Sonar
Date published
Feb. 20, 2024
Author(s)
Stefan Schiller
Word count
1259
Language
English
Hacker News points
None found.