The following metadata has been embedded in the body. Website Malware Removal Service – [20170704] - Core - Installer: Lack of Ownership Verification

[20170704] – Core – Installer: Lack of Ownership Verification

Posted by MalRemServ on 25 07 2017. 0 Comments

  • Project: Joomla!
  • SubProject: CMS Installer
  • Severity: High
  • Versions: 1.0.0 through 3.7.3
  • Exploit type: Lack of Ownership Verification
  • Reported Date: 2017-Apr-06
  • Fixed Date: 2017-July-25
  • CVE Number: CVE-2017-11364

Description

The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control.

Please note: Already installed sites are not affected, as this issue is limited to the installer application!

Affected Installs

Joomla! CMS versions 1.0.0 through 3.7.3

Solution

Upgrade to version 3.7.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Hanno Böck



This information provided by Security Announcements. For more information or details on this exploit or vulnerability, please visit Link.

If you have this installed, we highly recommend you update to the latest version immediately, or if you are no longer using it, remove it from your site. If your site has been compromised due to this vulnerability, we can help.

If you aren’t technical and you need immediate assistance, we can reduce the impact and prevent further damage quickly – Now is your chance, we can have the typical site cleaned and secured in just a few hours. Check out our Pricing page for details on our professional, reliable malware removal services.

[20170704] – Core – Installer: Lack of Ownership Verification

Posted by MalRemServ on 25 07 2017. 0 Comments

  • Project: Joomla!
  • SubProject: CMS Installer
  • Severity: High
  • Versions: 1.0.0 through 3.7.3
  • Exploit type: Lack of Ownership Verification
  • Reported Date: 2017-Apr-06
  • Fixed Date: 2017-July-25
  • CVE Number: CVE-2017-11364

Description

The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control.

Please note: Already installed sites are not affected, as this issue is limited to the installer application!

Affected Installs

Joomla! CMS versions 1.0.0 through 3.7.3

Solution

Upgrade to version 3.7.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Hanno Böck



This information provided by Security Announcements. For more information or details on this exploit or vulnerability, please visit Link.

If you have this installed, we highly recommend you update to the latest version immediately, or if you are no longer using it, remove it from your site. If your site has been compromised due to this vulnerability, we can help.

If you aren’t technical and you need immediate assistance, we can reduce the impact and prevent further damage quickly – Now is your chance, we can have the typical site cleaned and secured in just a few hours. Check out our Pricing page for details on our professional, reliable malware removal services.

[20170704] – Core – Installer: Lack of Ownership Verification

Posted by MalRemServ on 25 07 2017. 0 Comments

  • Project: Joomla!
  • SubProject: CMS Installer
  • Severity: High
  • Versions: 1.0.0 through 3.7.3
  • Exploit type: Lack of Ownership Verification
  • Reported Date: 2017-Apr-06
  • Fixed Date: 2017-July-25
  • CVE Number: CVE-2017-11364

Description

The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control.

Please note: Already installed sites are not affected, as this issue is limited to the installer application!

Affected Installs

Joomla! CMS versions 1.0.0 through 3.7.3

Solution

Upgrade to version 3.7.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Hanno Böck



This information provided by Security Announcements. For more information or details on this exploit or vulnerability, please visit Link.

If you have this installed, we highly recommend you update to the latest version immediately, or if you are no longer using it, remove it from your site. If your site has been compromised due to this vulnerability, we can help.

If you aren’t technical and you need immediate assistance, we can reduce the impact and prevent further damage quickly – Now is your chance, we can have the typical site cleaned and secured in just a few hours. Check out our Pricing page for details on our professional, reliable malware removal services.

[20170704] – Core – Installer: Lack of Ownership Verification

Posted by MalRemServ on 25 07 2017. 0 Comments

  • Project: Joomla!
  • SubProject: CMS Installer
  • Severity: High
  • Versions: 1.0.0 through 3.7.3
  • Exploit type: Lack of Ownership Verification
  • Reported Date: 2017-Apr-06
  • Fixed Date: 2017-July-25
  • CVE Number: CVE-2017-11364

Description

The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control.

Please note: Already installed sites are not affected, as this issue is limited to the installer application!

Affected Installs

Joomla! CMS versions 1.0.0 through 3.7.3

Solution

Upgrade to version 3.7.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Hanno Böck



This information provided by Security Announcements. For more information or details on this exploit or vulnerability, please visit Link.

If you have this installed, we highly recommend you update to the latest version immediately, or if you are no longer using it, remove it from your site. If your site has been compromised due to this vulnerability, we can help.

If you aren’t technical and you need immediate assistance, we can reduce the impact and prevent further damage quickly – Now is your chance, we can have the typical site cleaned and secured in just a few hours. Check out our Pricing page for details on our professional, reliable malware removal services.