Vulnerability Details : CVE-2013-3242
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-3242
Probability of exploitation activity in the next 30 days: 3.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-3242
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.5
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:P |
8.0
|
4.9
|
NIST |
CWE ids for CVE-2013-3242
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3242
-
http://karmainsecurity.com/KIS-2013-04
Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability | Karma(In)SecurityExploit
-
http://developer.joomla.org/security/85-20130406-core-dos-vulnerability.html
[20130406] - Core - DOS Vulnerability
-
http://archives.neohapsis.com/archives/bugtraq/2013-04/0232.html
-
http://www.exploit-db.com/exploits/25087
Joomla! 3.0.3 - 'remember.php' PHP Object Injection - PHP webapps Exploit
Products affected by CVE-2013-3242
- cpe:2.3:a:joomla:joomla\!:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:2.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:3.0.3:*:*:*:*:*:*:*