News Feed Category

Joomla! Security News

    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions:1.7.0 - 3.9.22
    • Exploit type: ACL Violation
    • Reported Date: 2018-11-04
    • Fixed Date: 2020-11-24
    • CVE Number: CVE-2020-xxx (TBA)

    Description

    Lack of input validation while handling ACL rulesets can cause write ACL violations.

    Affected Installs

    Joomla! CMS versions 1.7.0 - 3.9.22

    Solution

    Upgrade to version 3.9.23

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Elisa Foltyn, Benjamin Trenkle
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.9.0-3.9.22
    • Exploit type: CSRF
    • Reported Date: 2020-10-08
    • Fixed Date: 2020-11-24
    • CVE Number: CVE-2020-xxx (TBA)

    Description

    A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.

    Affected Installs

    Joomla! CMS versions 3.9.0 - 3.9.22

    Solution

    Upgrade to version 3.9.23

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Lee Thao from Viettel Cyber Security
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.9.0-3.9.22
    • Exploit type: User Enumeration
    • Reported Date: 2020-08-15
    • Fixed Date: 2020-11-24
    • CVE Number: CVE-2020-xxx (TBA)

    Description

    Improper handling of the username leads to a user enumeration attack vector in the backend login page.

    Affected Installs

    Joomla! CMS versions 3.9.0 - 3.9.22

    Solution

    Upgrade to version 3.9.23

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Phil Taylor
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.0.0-3.9.22
    • Exploit type: SQL Injection
    • Reported Date: 2020-10-13
    • Fixed Date: 2020-11-24
    • CVE Number: CVE-2020-xxx (TBA)

    Description

    Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.22

    Solution

    Upgrade to version 3.9.23

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  ka1n4t
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 2.5.0-3.9.22
    • Exploit type: Path traversal
    • Reported Date: 2020-10-06
    • Fixed Date: 2020-11-24
    • CVE Number: CVE-2020-xxx (TBA)

    Description

    The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.22

    Solution

    Upgrade to version 3.9.23

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Lee Thao from Viettel Cyber Security, Phil Taylor

About AT Tax

Ball tip biltong pork belly frankfurter shankle jerky leberkas pig kielbasa kay boudin alcatra short loin.

Jowl salami leberkas turkey pork brisket meatball turduc.

Get In Touch

Address: 262 Milacina Mrest.

Phone: +84 3333 6789.

Tax: +04 3333 6789.

Email: support@yoursiteurl.com

Website: www.yoursiteurl.com

Chinese traditional English Japanese Korean Spanish

Join Our Community

Sign up to receive email for the latest information.
© 2017 Your Company. All Rights Reserved. Designed By Age Themes

Search