{"id":2838,"date":"2014-07-28T16:15:14","date_gmt":"2014-07-28T15:15:14","guid":{"rendered":"https:\/\/dn-www.azurewebsites.net\/2014\/07\/28\/kunena-forum-for-joomla-multiple-vulnerabilities\/"},"modified":"2024-03-18T15:50:41","modified_gmt":"2024-03-18T15:50:41","slug":"kunena-forum-for-joomla-multiple-vulnerabilities","status":"publish","type":"post","link":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/kunena-forum-for-joomla-multiple-vulnerabilities\/","title":{"rendered":"Kunena Forum for Joomla Multiple Vulnerabilities"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2838\" class=\"elementor elementor-2838\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-346a6d4f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"346a6d4f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-96a9e8\" data-id=\"96a9e8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1c11e2c4 elementor-widget elementor-widget-text-editor\" data-id=\"1c11e2c4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"MsoNormal\">The Kunena forum extension for Joomla suffers from multiple SQL injection and cross-site scripting 
vulnerabilities because it fails to sufficiently sanitize user-supplied data. The vulnerabilities affect Kunena v3.0.5 and earlier.<\/p><p class=\"MsoNormal\">The blind SQL injection vulnerability affects all pages\/tasks that use parameters in the form of \u201cparameter[]\u201d. This is because the array index is not validated. Attackers can use the vulnerability to read sensitive data stored in the Joomla database, including the website\u2019s admin users\u2019 credentials. These credentials can then be used to compromise the entire website.<\/p><p class=\"MsoNormal\">Blind SQL injection relies on the ability to determine whether a condition is true or false by causing a change in the behaviour of the affected application, for example a difference in response times, as shown in the following examples.<\/p><p>A true condition will cause a 10-second delay in the server\u2019s response:<\/p><p>POST https:\/\/localhost\/index.php?option=com_kunena&amp;view=home&amp;defaultmenu=130&amp;Itemid=128<\/p><div style=\"mso-element: para-border-div; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; background: #EFF8FF;\"><p class=\"MsoNormal\" style=\"background: #EFF8FF; border: none; mso-border-alt: solid windowtext .5pt; padding: 0cm; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt;\"><span style=\"font-size: 10.0pt; mso-bidi-font-size: 11.0pt; line-height: 115%; font-family: 'Courier New';\">view=topics&amp;0b4b16219de03f54bd92a580f9d4fa43=1&amp;topics[2<strong>)+and+(if(1%3d1,sleep(10),1))%3d1%23<\/strong>]=1&amp;task=unfavorite&amp;kcheckgo=Go<\/span><\/p><\/div><p class=\"MsoNormal\">Response time: ~ 11.5 seconds<\/p><p class=\"MsoNormal\">A false condition will cause the server to respond without delay:<\/p><p>POST https:\/\/localhost\/index.php?option=com_kunena&amp;view=home&amp;defaultmenu=130&amp;Itemid=128<\/p><div style=\"mso-element: para-border-div; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; background: #EFF8FF;\"><p class=\"MsoNormal\" style=\"background: #EFF8FF; border: none; mso-border-alt: solid windowtext .5pt; padding: 0cm; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt;\"><span style=\"font-size: 10.0pt; mso-bidi-font-size: 11.0pt; line-height: 115%; font-family: 'Courier New';\">view=topics&amp;0b4b16219de03f54bd92a580f9d4fa43=1&amp;topics[2<strong>)+and+(if(1%3d2,sleep(10),1))%3d1%23<\/strong>]=1&amp;task=unfavorite&amp;kcheckgo=Go<\/span><\/p><\/div><p class=\"MsoNormal\">Response time: ~ 1.5 seconds<\/p><p class=\"MsoNormal\">The file upload and profile image upload functionality available on the forum extension are vulnerable to reflected cross-site scripting. Moreover, all of the pages that are vulnerable to the blind SQL injection are also vulnerable to reflected cross-site scripting due to the detailed error message returned by the server. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. 
This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks such as drive-by downloads.<\/p><p class=\"MsoNormal\">The following proof of concept example shows how an attacker can exploit the vulnerability on the profile image upload functionality in order to display an alert box:<\/p><p>POST https:\/\/localhost\/index.php?option=com_kunena&amp;view=home&amp;defaultmenu=130&amp;Itemid=12<\/p><div style=\"mso-element: para-border-div; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 1.0pt 4.0pt 1.0pt 4.0pt; background: #EFF8FF;\"><p class=\"MsoNormal\" style=\"background: #EFF8FF; border: none; mso-border-alt: solid windowtext .5pt; padding: 0cm; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt;\"><span style=\"font-size: 10.0pt; mso-bidi-font-size: 11.0pt; line-height: 115%; font-family: 'Courier New';\">-----------------------------34391417828549<\/span><\/p><p class=\"MsoNormal\" style=\"background: #EFF8FF; border: none; mso-border-alt: solid windowtext .5pt; padding: 0cm; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt;\"><span style=\"font-size: 10.0pt; mso-bidi-font-size: 11.0pt; line-height: 115%; font-family: 'Courier New';\">Content-Disposition: form-data; name=&quot;view&quot;<\/span><\/p><p class=\"MsoNormal\" style=\"background: #EFF8FF; border: none; mso-border-alt: solid windowtext .5pt; padding: 0cm; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt;\"><span style=\"font-size: 10.0pt; mso-bidi-font-size: 11.0pt; line-height: 115%; font-family: 'Courier New';\">user<\/span><\/p><p class=\"MsoNormal\" style=\"background: #EFF8FF; border: none; mso-border-alt: solid windowtext .5pt; padding: 0cm; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt;\"><span style=\"font-size: 10.0pt; mso-bidi-font-size: 11.0pt; line-height: 115%; font-family: 'Courier New';\">-----------------------------34391417828549<\/span><\/p><p class=\"MsoNormal\" style=\"background: #EFF8FF; border: none; mso-border-alt: solid windowtext .5pt; padding: 0cm; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt;\"><span style=\"font-size: 10.0pt; mso-bidi-font-size: 11.0pt; line-height: 115%; font-family: 'Courier New';\">Content-Disposition: form-data; name=&quot;task&quot;<\/span><\/p><p class=\"MsoNormal\" style=\"background: #EFF8FF; border: none; mso-border-alt: solid windowtext .5pt; padding: 0cm; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt;\"><span style=\"font-size: 10.0pt; mso-bidi-font-size: 11.0pt; line-height: 115%; font-family: 'Courier New';\">Save<\/span><\/p><p class=\"MsoNormal\" style=\"background: #EFF8FF; border: none; mso-border-alt: solid windowtext .5pt; padding: 0cm; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt;\"><span style=\"font-size: 10.0pt; mso-bidi-font-size: 11.0pt; line-height: 115%; font-family: 'Courier New';\">[\u2026]<\/span><\/p><p class=\"MsoNormal\" style=\"background: #EFF8FF; border: none; mso-border-alt: solid windowtext .5pt; padding: 0cm; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt;\"><span style=\"font-size: 10.0pt; mso-bidi-font-size: 11.0pt; line-height: 115%; font-family: 'Courier New';\">Content-Disposition: form-data; name=&quot;avatarfile&quot;; filename=&quot;<strong>&lt;iframe src=javascript:alert('XSS')&gt;<\/strong>&quot;<\/span><\/p><p class=\"MsoNormal\" style=\"background: #EFF8FF; border: none; mso-border-alt: solid windowtext .5pt; padding: 0cm; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt;\"><span style=\"font-size: 10.0pt; mso-bidi-font-size: 11.0pt; line-height: 115%; font-family: 'Courier New';\">[\u2026]<\/span><\/p><\/div><p class=\"MsoNormal\"><strong>Solution<\/strong><\/p><p class=\"MsoNormal\">The vendor has released a new version (3.0.6) to address the security vulnerabilities discovered by Dionach. The new version was released on the 28<sup>th<\/sup> of July 2014. 
Users are advised to update the Kunena forum extension for Joomla to the latest secure and stable version.<\/p><p class=\"MsoNormal\"><strong>References<\/strong><\/p><p class=\"MsoNormal\">https:\/\/www.securityfocus.com\/bid\/68956\/<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>The Kunena forum extension for Joomla suffers from multiple SQL injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. The vulnerabilities affect Kunena v3.0.5 and earlier. The blind SQL injection vulnerability affects all pages\/tasks that use parameters in the form of \u201cparameter[]\u201d. 
This is because the array index is not being [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[215,207],"class_list":["post-2838","post","type-post","status-publish","format-standard","hentry","category-researchblog","tag-vulnerabilities","tag-web_applications","wpbf-post"],"contentshake_article_id":"","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Kunena Forum for Joomla Multiple Vulnerabilities<\/title>\n<meta name=\"description\" content=\"The Kunena forum extension for Joomla suffers from multiple SQL injection and cross-site scripting vulnerabilities because it fails to sufficiently\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kunena Forum for Joomla Multiple Vulnerabilities\" \/>\n<meta property=\"og:description\" content=\"The Kunena forum extension for Joomla suffers from multiple SQL injection and cross-site scripting vulnerabilities because it fails to sufficiently\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/kunena-forum-for-joomla-multiple-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"Dionach\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/dionachcyber\" \/>\n<meta property=\"article:published_time\" content=\"2014-07-28T15:15:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-18T15:50:41+00:00\" \/>\n<meta property=\"og:image\" 
content=\"https:\/\/i0.wp.com\/dionach.development-visionsharp.co.uk\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg?fit=512%2C512&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dionach Admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:site\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dionach Admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/kunena-forum-for-joomla-multiple-vulnerabilities\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/kunena-forum-for-joomla-multiple-vulnerabilities\\\/\"},\"author\":{\"name\":\"Dionach Admin\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#\\\/schema\\\/person\\\/effca060e22bfa3cc6cd03f74a50fdb4\"},\"headline\":\"Kunena Forum for Joomla Multiple Vulnerabilities\",\"datePublished\":\"2014-07-28T15:15:14+00:00\",\"dateModified\":\"2024-03-18T15:50:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/kunena-forum-for-joomla-multiple-vulnerabilities\\\/\"},\"wordCount\":457,\"publisher\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#organization\"},\"keywords\":[\"vulnerabilities\",\"web 
applications\"],\"articleSection\":[\"researchblog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/kunena-forum-for-joomla-multiple-vulnerabilities\\\/\",\"url\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/kunena-forum-for-joomla-multiple-vulnerabilities\\\/\",\"name\":\"Kunena Forum for Joomla Multiple Vulnerabilities\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#website\"},\"datePublished\":\"2014-07-28T15:15:14+00:00\",\"dateModified\":\"2024-03-18T15:50:41+00:00\",\"description\":\"The Kunena forum extension for Joomla suffers from multiple SQL injection and cross-site scripting vulnerabilities because it fails to sufficiently\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/kunena-forum-for-joomla-multiple-vulnerabilities\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/kunena-forum-for-joomla-multiple-vulnerabilities\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/kunena-forum-for-joomla-multiple-vulnerabilities\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/homepage-usa\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Kunena Forum for Joomla Multiple Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#website\",\"url\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/\",\"name\":\"Dionach\",\"description\":\"Real Security in a Virtual 
World\",\"publisher\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#organization\",\"name\":\"Dionach\",\"url\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"contentUrl\":\"https:\\\/\\\/dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"width\":512,\"height\":512,\"caption\":\"Dionach\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/dionachcyber\",\"https:\\\/\\\/x.com\\\/dionachcyber\",\"https:\\\/\\\/uk.linkedin.com\\\/company\\\/dionach-ltd\",\"https:\\\/\\\/www.instagram.com\\\/dionachcyber\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#\\\/schema\\\/person\\\/effca060e22bfa3cc6cd03f74a50fdb4\",\"name\":\"Dionach 
Admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"caption\":\"Dionach Admin\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->",
"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/ph4Ojq-JM","_links":{"self":[{"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/posts\/2838","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/comments?post=2838"}],"version-history":[{"count":0,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/posts\/2838\/revisions"}],"wp:attachment":[{"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/media?parent=2838"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/categories?post=2838"},
{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/tags?post=2838"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}