5 min read 19 Jun 2018 by Fabian Langen
9 min read 6 Feb 2018 by Karim El Ouerghemmi
Joomla! is one of the biggest players in the market of content management systems and the second most used CMS on the web. RIPS discovered a second-order SQL injection (CVE-2018-6376) that could be used by attackers to leverage lower permissions and to escalate them into full admin permissions on Joomla! prior version 3.8.4.
11 min read 20 Sep 2017 by Robin Peraglie
With over 84 million downloads, Joomla! is one of the most popular content management systems. Our code analysis solution RIPS detected a previously unknown LDAP injection vulnerability in the login controller. This one vulnerability could allow remote attackers to leak the super user password and to fully take over any Joomla! <= 3.7.5 installation that uses LDAP for authentication.