Joomla! Security News

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 2.5.0 through 3.8.12
    • Exploit type: CSRF
    • Reported Date: 2018-September-26
    • Fixed Date: 2018-October-02
    • CVE Number: CVE-2018-17858

    Description

    Added additional CSRF hardening in com_installer actions in the backend.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.8.12

    Solution

    Upgrade to version 3.8.13

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Raviraj A. Powar
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 1.5.0 through 3.8.12
    • Exploit type: ACL Violation
    • Reported Date: 2017-December-27
    • Fixed Date: 2018-October-02
    • CVE Number: CVE-2018-17855

    Description

    If an attacker gains access to the mail account of a user who can approve admin verifications in the registration process, he can activate himself.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.8.12

    Solution

    Upgrade to version 3.8.13

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Paul Freeman
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.1.0 through 3.8.12
    • Exploit type: ACL Violation
    • Reported Date: 2018-June-20
    • Fixed Date: 2018-October-02
    • CVE Number: CVE-2018-17857

    Description

    Inadequate checks on the tags search fields can lead to an access level violation.

    Affected Installs

    Joomla! CMS versions 3.1.0 through 3.8.12

    Solution

    Upgrade to version 3.8.13

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Андрей Капитанов
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 2.5.4 through 3.8.12
    • Exploit type: Object Injection
    • Reported Date: 2018-June-21
    • Fixed Date: 2018-October-02
    • CVE Number: CVE-2018-17856

    Description

    Joomla’s com_joomlaupdate allows the execution of arbitrary code. The default ACL configuration allowed Administrator-level users to access com_joomlaupdate and trigger code execution.

    Affected Installs

    Joomla! CMS versions 2.5.4 through 3.8.12

    Solution

    Upgrade to version 3.8.13

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Codesafescan
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 2.5.0 through 3.8.12
    • Exploit type: Incorrect Access Control
    • Reported Date: 2018-September-17
    • Fixed Date: 2018-October-02
    • CVE Number: CVE-2018-17859

    Description

    Inadequate checks in com_contact could allow mail submission in disabled forms.

    Affected Installs

    Joomla! CMS versions 2.5.0 through 3.8.12

    Solution

    Upgrade to version 3.8.13

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: David Jardin (JSST)