Carousel PRO Included

Need to display your images as a carousel? Easily done with our new Joomla extension. Again, usage is very simple. You need to enter path to your images and your carousel is ready.

Switch between effects (fade and scroll), and select between articles or images mode. Retrieve articles from sections, categories or individually. Retrieve images from any directory on server. Learn more

Joomla! Security News

    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.9.0-3.9.14
    • Exploit type: XSS
    • Reported Date: 2019-December-25
    • Fixed Date: 2020-January-28
    • CVE Number: CVE-2020-8421

    Description

    Inadequate escaping of usernames allow XSS attacks in com_actionlogs.

    Affected Installs

    Joomla! CMS versions 3.9.0 - 3.9.14

    Solution

    Upgrade to version 3.9.15

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Mayank Kumbhar from Techjoomla
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.0.0-3.9.14
    • Exploit type: CSRF
    • Reported Date: 2019-December-18
    • Fixed Date: 2020-January-28
    • CVE Number: CVE-2020-8420

    Description

    A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.14

    Solution

    Upgrade to version 3.9.15

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Lee Thao from Viettel Cyber Security
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.0.0-3.9.14
    • Exploit type: CSRF
    • Reported Date: 2019-December-23
    • Fixed Date: 2020-January-28
    • CVE Number: CVE-2020-8419

    Description

    Missing token checks in the batch actions of various components causes CSRF vulnerabilities.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.14

    Solution

    Upgrade to version 3.9.15

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Lee Thao from Viettel Cyber Security
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 2.5.0 - 3.9.13
    • Exploit type: SQL injection
    • Reported Date: 2019-December-01
    • Fixed Date: 2019-December-17
    • CVE Number: CVE-2019-19846

    Description

    The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.13

    Solution

    Upgrade to version 3.9.14

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: ka1n4t
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.8.0 - 3.9.13
    • Exploit type: Path Disclosure
    • Reported Date: 2019-November-22
    • Fixed Date: 2019-December-17
    • CVE Number: CVE-2019-19845

    Description

    Missing access check in framework files could lead to a path disclosure.

    Affected Installs

    Joomla! CMS versions 3.8.0 - 3.9.13

    Solution

    Upgrade to version 3.9.14

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Lee Thao, Viettel Cyber Security

The Twin House

houseLorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna. View More

Under the Palm Tree

joomla real estateLorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna. View More

House on the Beach

real estate templateLorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna. View More