PoC details: ba55c489c5bc5ed642438830658606bb7a790269

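Source
Related vulnerability
Title: Joomla CMS security vulnerability (CVE-2023-40626)
Description: Joomla is an open-source, cross-platform content management system (CMS) developed in PHP and MySQL by the Open Source Matters team in the United States. Joomla CMS versions 1.6.0 through 4.4.0 and version 5.0.0 contain a security vulnerability: an attacker can expose environment variables through the parsing of language files, and those environment variables may contain sensitive information.
Description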
Plugin to fix security vulnerability CVE-2023-40626 in Joomla 3.10.12
Introduction
THIS REPO IS OBSOLETE AND YOU SHOULD USE THIS ONE INSTEAD: https://github.com/TLWebdesign/Joomla-3-EOL-Security-Fixes


# Joomla-3.10.12 LanguageHelper.php Hotfix
 
This little plugin will help you update the LanguageHelper file with the security fix I backported from Joomla 4.4.1. More info on the vulnerability here: https://developer.joomla.org/security-centre/919-20231101-core-exposure-of-environment-variables.html

## Donate to the Joomla project!
If this plugin saved you valuable time, please consider donating something to the Joomla project: https://community.joomla.org/donate.
This applies especially to agencies, who will save tons of time when they have multiple websites still on J3. Any donation is much appreciated.

## Backup First!
Always try this fix on a test environment first, because it could break language files that did not follow the exact specification. Previously these language files would still work, but the vulnerability fix makes the processing of these files stricter: a language string can no longer have new lines in its content.
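
A pre-flight check for the breakage described above, added here as an example and not part of the plugin or of Joomla: it lists language strings whose quoted value continues onto a following line. It assumes the usual `KEY="value"` one-per-line layout with `;` comments and the legacy `"_QQ_"` quote token; the function names and the sample strings are constructed.

```python
import re
import sys
from pathlib import Path

# Assumed layout of a language string: KEY="value" on a single line.
KEY_START = re.compile(r'^\s*([A-Za-z0-9_.\-]+)\s*=\s*"(.*)$')

def _closes(rest: str) -> bool:
    """True if the text after an opening quote contains the closing quote."""
    # Ignore the legacy "_QQ_" token and backslash-escaped quotes (assumed escapes).
    return '"' in rest.replace('"_QQ_"', '').replace('\\"', '')

def find_multiline_strings(text: str):
    """Return [(line_no, key)] for strings whose quoted value spans lines."""
    findings, in_value = [], False
    for no, line in enumerate(text.splitlines(), start=1):
        if in_value:
            # Still inside a value opened on an earlier line.
            in_value = not _closes(line)
            continue
        if not line.strip() or line.lstrip().startswith((';', '[')):
            continue  # blank line, comment or section header
        m = KEY_START.match(line)
        if m and not _closes(m.group(2)):
            findings.append((no, m.group(1)))
            in_value = True
    return findings

def scan_language_dir(root):
    """Map each .ini file under root to its findings; clean files are omitted."""
    report = {}
    for path in sorted(Path(root).rglob('*.ini')):
        hits = find_multiline_strings(path.read_text(encoding='utf-8', errors='replace'))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample, not taken from a real extension.
SAMPLE = r'''; example language file
COM_EXAMPLE_TITLE="Example"
COM_EXAMPLE_DESC="First line
second line"
COM_EXAMPLE_QUOTE="Click \"Save\" to continue"
COM_EXAMPLE_LEGACY="Click "_QQ_"Save"_QQ_" now"
'''

if __name__ == '__main__':
    root = sys.argv[1] if len(sys.argv) > 1 else '.'
    for name, hits in scan_language_dir(root).items():
        print(name, hits)
```

Run it with the path of a test copy of the site as its argument; each reported key is a string to rewrite onto one line before the hotfix goes in.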
File snapshot

```
[4.0K] /data/pocs/ba55c489c5bc5ed642438830658606bb7a790269
├── [ 22K] LanguageHelper.php
├── [ 718] languagehotfix.xml
├── [ 18K] LICENSE
├── [1.1K] README.md
└── [2.0K] script.php

0 directories, 5 files
```