CVE-2013-3242

Joomla! <2.5.10-3.0.4 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3242. PoCs published by EgiX.

AI-analyzed exploit summary: This is a detailed writeup describing a PHP object injection vulnerability in Joomla! versions 3.0.3 and earlier, as well as 2.5.9 and earlier. The vulnerability arises from improper sanitization of user input passed through cookies, leading to arbitrary PHP object injection via unserialize().

Description

plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.

Exploits (1)

exploitdb WRITEUP VERIFIED
by EgiX · text · webapps · php
https://www.exploit-db.com/exploits/25087

Classification: Writeup 100%
Attack Type: Deserialization
Complexity: Moderate
Reliability: Reliable
Target: Joomla! <= 3.0.3, Joomla! <= 2.5.9
Auth required
Prerequisites: Authentication to obtain the 'hash string' used to read the cookie parameter
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/25087
Exploit x_refsource_misc
http://karmainsecurity.com/KIS-2013-04
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-04/0232.html

Scores

EPSS 0.0485
EPSS Percentile 90.9%

Details

CWE: CWE-20
Status published
Products (14)
joomla/joomla\! 3.0.0
joomla/joomla\! 3.0.1
joomla/joomla\! 3.0.2
joomla/joomla\! 3.0.3
joomla/joomla\! 2.5.0
joomla/joomla\! 2.5.1
joomla/joomla\! 2.5.2
joomla/joomla\! 2.5.3
joomla/joomla\! 2.5.4
joomla/joomla\! 2.5.5
... and 4 more
Published May 03, 2013
Tracked Since Feb 18, 2026