Tag: Security Centre

[20191202] – Core – Various SQL injections through configuration parameters

Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 2.5.0 – 3.9.13
Exploit type: SQL injection
Reported Date: 2019-December-01
Fixed Date: 2019-December-17
CVE Number: CVE-2019-19846

Description
The lack of validation of configurati…


December 16, 2019

[20191201] – Core – Path Disclosure in framework files

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.8.0 – 3.9.13
Exploit type: Path Disclosure
Reported Date: 2019-November-22
Fixed Date: 2019-December-17
CVE Number: CVE-2019-19845

Description
Missing access check in framework fi…


December 16, 2019

[20191002] – Core – Path Disclosure in phputf8 mapping files

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.6.0 – 3.9.12
Exploit type: Path Disclosure
Reported Date: 2019-November-01
Fixed Date: 2019-November-05
CVE Number: CVE-2019-18674

Description
Missing access check in the phputf8 …


November 5, 2019

[20191001] – Core – CSRF in com_template overrides view

Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 3.2.0-3.9.12
Exploit type: CSRF
Reported Date: 2019-October-10
Fixed Date: 2019-November-05
CVE Number: CVE-2019-18650

Description
A missing token check in com_template causes a CS…


November 5, 2019

[20190901] – Core – XSS in logo parameter of default templates

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.0.0-3.9.11
Exploit type: XSS
Reported Date: 2019-August-28
Fixed Date: 2019-September-24
CVE Number: CVE-2019-16725

Description
Inadequate escaping allowed XSS attacks using …


September 24, 2019

[20190801] – Core – Hardening com_contact contact form

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 1.6.2 – 3.9.10
Exploit type: Incorrect Access Control
Reported Date: 2019-April-09
Fixed Date: 2019-August-13
CVE Number: CVE-2019-XXXXX

Description
Inadequate checks in com_co…


August 13, 2019

[20190701] – Core – Filter attribute in subform fields allows remote code execution

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.9.7 – 3.9.8
Exploit type: Remote Code Execution
Reported Date: 2019-June-20
Fixed Date: 2019-July-09
CVE Number: TBA

Description
Inadequate filtering allows users authorised …


July 9, 2019

[20190603] – Core – ACL hardening of com_joomlaupdate

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.8.13 through 3.9.6
Exploit type: Incorrect Access Control
Reported Date: 2019-April-10
Fixed Date: 2019-June-11
CVE Number: CVE-2019-12764

Description
The update server URL of com…


June 11, 2019