Carousel PRO Included

Need to display your images as a carousel? Easily done with our new Joomla extension. Again, usage is very simple. You need to enter path to your images and your carousel is ready.

Switch between effects (fade and scroll), and select between articles or images mode. Retrieve articles from sections, categories or individually. Retrieve images from any directory on server. Learn more

Joomla! Security News

    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions:1.7.0 - 3.9.22
    • Exploit type: ACL Violation
    • Reported Date: 2018-11-04
    • Fixed Date: 2020-11-24
    • CVE Number: CVE-2020-xxx (TBA)

    Description

    Lack of input validation while handling ACL rulesets can cause write ACL violations.

    Affected Installs

    Joomla! CMS versions 1.7.0 - 3.9.22

    Solution

    Upgrade to version 3.9.23

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Elisa Foltyn, Benjamin Trenkle
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.9.0-3.9.22
    • Exploit type: CSRF
    • Reported Date: 2020-10-08
    • Fixed Date: 2020-11-24
    • CVE Number: CVE-2020-xxx (TBA)

    Description

    A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.

    Affected Installs

    Joomla! CMS versions 3.9.0 - 3.9.22

    Solution

    Upgrade to version 3.9.23

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Lee Thao from Viettel Cyber Security
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.9.0-3.9.22
    • Exploit type: User Enumeration
    • Reported Date: 2020-08-15
    • Fixed Date: 2020-11-24
    • CVE Number: CVE-2020-xxx (TBA)

    Description

    Improper handling of the username leads to a user enumeration attack vector in the backend login page.

    Affected Installs

    Joomla! CMS versions 3.9.0 - 3.9.22

    Solution

    Upgrade to version 3.9.23

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Phil Taylor
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.0.0-3.9.22
    • Exploit type: SQL Injection
    • Reported Date: 2020-10-13
    • Fixed Date: 2020-11-24
    • CVE Number: CVE-2020-xxx (TBA)

    Description

    Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.22

    Solution

    Upgrade to version 3.9.23

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  ka1n4t
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 2.5.0-3.9.22
    • Exploit type: Path traversal
    • Reported Date: 2020-10-06
    • Fixed Date: 2020-11-24
    • CVE Number: CVE-2020-xxx (TBA)

    Description

    The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.22

    Solution

    Upgrade to version 3.9.23

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:  Lee Thao from Viettel Cyber Security, Phil Taylor

The Twin House

houseLorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna. View More

Under the Palm Tree

joomla real estateLorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna. View More

House on the Beach

real estate templateLorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna. View More