“Mens sana in corpore sano” - (a healthy mind in a healthy body), famous Latin quotation

Joomla! Security News

    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 1.7.0-3.9.15
    • Exploit type: SQL Injection
    • Reported Date: 2020-March-9
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10243

    Description

    The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the "Featured Articles" frontend menutype.

    Affected Installs

    Joomla! CMS versions 1.7.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Sam Thomas, Pentest.co.uk
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.0.0-3.9.15
    • Exploit type: Other
    • Reported Date: 2020-February-07
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10240

    Description

    Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Lee Thao from Viettel Cyber Security
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.7.0-3.9.15
    • Exploit type: Incorrect Access Control
    • Reported Date: 2020-February-28
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10239

    Description

    Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.

    Affected Installs

    Joomla! CMS versions 3.7.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Hoang Kien from VSEC
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 2.5.0-3.9.15
    • Exploit type: Incorrect Access Control
    • Reported Date: 2020-January-31
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10238

    Description

    Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Hoang Kien from VSEC
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.0.0-3.9.15
    • Exploit type: XSS
    • Reported Date: 2020-February-24
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10242

    Description

    Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allow XSS attacks.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Pham Van Khanh
joomla wellnessLorem Ipsum has been the industry's standard dummy text ever since the 1500s...