CVE-2008-3228: Joomla! doesn't configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs

May 1, 2022 (updated April 9, 2025)

Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that “block common exploits” to SEF URLs, which has unknown impact and remote attack vectors.

References

exchange.xforce.ibmcloud.com/vulnerabilities/44206
github.com/advisories/GHSA-mxr8-pcpg-m23j
github.com/joomla/joomla-platform
nvd.nist.gov/vuln/detail/CVE-2008-3228
web.archive.org/web/20080730154423/http://www.joomla.org/content/view/5180/1

Code Behaviors & Features

Detect and mitigate CVE-2008-3228 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →