Joomla! Security News

  1. [20180104] - Core - SQLi vulnerability in Hathor postinstall message

    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.7.0 through 3.8.3
    • Exploit type: SQLi
    • Reported Date: 2017-November-17
    • Fixed Date: 2018-January-30
    • CVE Number: CVE-2018-6376

    Description

    The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.

    Affected Installs

    Joomla! CMS versions 3.7.0 through 3.8.3

    Solution

    Upgrade to version 3.8.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Karim Ouerghemmi, ripstech.com
  2. [20180103] - Core - XSS vulnerability in Uri class

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 1.5.0 through 3.8.3
    • Exploit type: XSS
    • Reported Date: 2017-November-17
    • Fixed Date: 2018-January-30
    • CVE Number: CVE-2018-6379

    Description

    Inadequate input filtering in the Uri class (formerly JUri) leads to a XSS vulnerability.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.8.3

    Solution

    Upgrade to version 3.8.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Octavian Cinciu
  3. [20180102] - Core - XSS vulnerability in com_fields

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.7.0 through 3.8.3
    • Exploit type: XSS
    • Reported Date: 2018-January-20
    • Fixed Date: 2018-January-30
    • CVE Number: CVE-2018-6377

    Description

    Inadequate input filtering in com_fields leads to a XSS vulnerability in multiple field types, i.e. list, radio and checkbox.

    Affected Installs

    Joomla! CMS versions 3.7.0 through 3.8.3

    Solution

    Upgrade to version 3.8.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Benjamin Trenkle, JSST
  4. [20180101] - Core - XSS vulnerability in module chromes

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.0.0 through 3.8.3
    • Exploit type: XSS
    • Reported Date: 2018-January-21
    • Fixed Date: 2018-January-30
    • CVE Number: CVE-2018-6380

    Description

    Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.

    Affected Installs

    Joomla! CMS versions 3.0.0 through 3.8.3

    Solution

    Upgrade to version 3.8.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: David Jardin, JSST
  5. [20171103] - Core - Information Disclosure

    • Project: Joomla!
    • SubProject: CMS
    • Severity: Low
    • Versions: 3.7.0 through 3.8.1
    • Exploit type: Information Disclosure
    • Reported Date: 2017-May-17
    • Fixed Date: 2017-November-07
    • CVE Number: CVE-2017-16633

    Description

    A logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.

    Affected Installs

    Joomla! CMS versions 3.7.0 through 3.8.1

    Solution

    Upgrade to version 3.8.2

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Internal JSST audit

Recently Won Cases

Front Page Recently Won Disability SSI SSDI www.disabilityresolution.com Walter Hnot flat v.2Please click here to view Attorney Walter Hnot's recent legal case wins.  You'll be able to see why people say, "I went with Walt!"

RECENT CASE WINS

Disability Resolution Law Library

Front Page Law Library Disability SSI SSDI www.disabilityresolution.com Walter Hnot flatIFrom articles, to images, to even videos, the law library has an ocean's worth of knowledge that you can learn from.

LEARN THE LAW NOW

Go to top