News Feed Category

    Sa oled siin:  
  1. Pealeht
  2. Joomla!
  3. Other Components
  4. News Feeds Component
  5. News Feed Category
  6. Joomla! Security News

Joomla! Security News

  1. [20201107] - Core - Write ACL violation in multiple core views

    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions:1.7.0 - 3.9.22
    • Exploit type: ACL Violation
    • Reported Date: 2018-11-04
    • Fixed Date: 2020-11-24
    • CVE Number: CVE-2020-35616

    Description

    Lack of input validation while handling ACL rulesets can cause write ACL violations.

    Affected Installs

    Joomla! CMS versions 1.7.0 - 3.9.22

    Solution

    Upgrade to version 3.9.23

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Elisa Foltyn, Benjamin Trenkle

  2. [20201106] - Core - CSRF in com_privacy emailexport feature

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.9.0-3.9.22
    • Exploit type: CSRF
    • Reported Date: 2020-10-08
    • Fixed Date: 2020-11-24
    • CVE Number: CVE-2020-35615

    Description

    A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.

    Affected Installs

    Joomla! CMS versions 3.9.0 - 3.9.22

    Solution

    Upgrade to version 3.9.23

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Lee Thao from Viettel Cyber Security

  3. [20201105] - Core - User Enumeration in backend login

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.9.0-3.9.22
    • Exploit type: User Enumeration
    • Reported Date: 2020-08-15
    • Fixed Date: 2020-11-24
    • CVE Number: CVE-2020-35614

    Description

    Improper handling of the username leads to a user enumeration attack vector in the backend login page.

    Affected Installs

    Joomla! CMS versions 3.9.0 - 3.9.22

    Solution

    Upgrade to version 3.9.23

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Phil Taylor

  4. [20201104] - Core - SQL injection in com_users list view

    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.0.0-3.9.22
    • Exploit type: SQL Injection
    • Reported Date: 2020-10-13
    • Fixed Date: 2020-11-24
    • CVE Number: CVE-2020-35613

    Description

    Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.22

    Solution

    Upgrade to version 3.9.23

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  ka1n4t

  5. [20201103] - Core - Path traversal in mod_random_image

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 2.5.0-3.9.22
    • Exploit type: Path traversal
    • Reported Date: 2020-10-06
    • Fixed Date: 2020-11-24
    • CVE Number: CVE-2020-35612

    Description

    The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.22

    Solution

    Upgrade to version 3.9.23

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Lee Thao from Viettel Cyber Security, Phil Taylor

About Helix

Ball tip biltong pork belly frankfurter shankle jerky leberkas pig kielbasa kay boudin alcatra short loin.

Jowl salami leberkas turkey pork brisket meatball turducken flank bilto porke belly ball tip. pork belly frankf urtane bilto

Latest News

19 November 2018
19 November 2018
©2020 Abilane OÜ. All Rights Reserved. Designed By JoomShaper

Search