VYPR
Moderate severity · NVD Advisory · Published Jul 18, 2008 · Updated Apr 23, 2026

CVE-2008-3228

Description

Joomla! before 1.5.4 lacks .htaccess security checks for SEF URLs, leaving sites potentially exposed to remote attacks with unknown impact.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Joomla! versions before 1.5.4 do not configure the .htaccess file to apply certain security checks that "block common exploits" to Search Engine Friendly (SEF) URLs [1]. The exact nature of the missing checks is not publicly detailed, but the vendor release notes mention an "htaccess global variable security fix when SEF is enabled" as part of the 1.5.4 maintenance release [2][4].

Exploitation

An attacker can exploit this vulnerability remotely [1]. The specific prerequisites and sequence of steps are not disclosed in available references, but the attack vector is described as remote and likely involves crafted HTTP requests targeting SEF URLs.

Impact

The impact of successful exploitation is described as unknown [1]. The vendor categorizes the issue as a security fix [2][4], suggesting potential for unauthorized access or information disclosure, but no concrete outcome is specified in the public references.

Mitigation

The vulnerability is fixed in Joomla! 1.5.4, released on July 8, 2008 [2][4]. Users should upgrade to version 1.5.4 or later. As this is an older, end-of-life (EOL) Joomla! version, users on unpatched instances should consider upgrading to a supported release. There is no known CISA KEV listing for this CVE.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| joomla/joomla-platform (Packagist) | < 1.5.4 | 1.5.4 |

Affected products

25
  • Joomla/Joomla! (24 versions)
    • cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:* (range: <=1.5.3)
    • cpe:2.3:a:joomla:joomla:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.03:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.5.0_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.5.0_beta1:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.5.0_beta2:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.5.0_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:joomla:joomla:1.5.2:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 1.5.4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.