The essential news about content management systems and mobile technology.
Powered by Joocial, XT Search for Algolia, and SlimApps.

  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 1.7.3 - 3.7.2
  • Exploit type: XSS
  • Reported Date: 2017-June-04
  • Fixed Date: 2017-July-04
  • CVE Number: CVE-2017-9934

Description

Missing CSRF token checks and improper input validation lead to an XSS vulnerability.

Affected Installs

Joomla! CMS versions 1.7.3-3.7.2

Solution

Upgrade to version 3.7.3

Contact

The JSST at the Joomla! Security Centre.

Reported By: Envo

Read more

  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 1.7.3 - 3.7.2
  • Exploit type: Information Disclosure
  • Reported Date: 2016-Feb-05
  • Fixed Date: 2017-July-04
  • CVE Number: CVE-2017-9933

Description

Improper cache invalidation leads to disclosure of form contents.

Affected Installs

Joomla! CMS versions 1.7.3-3.7.2

Solution

Upgrade to version 3.7.3

Contact

The JSST at the Joomla! Security Centre.

Reported By: Jeff Channell

Read more

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.4.0 through 3.6.5
  • Exploit type: Information Disclosure
  • Reported Date: 2016-Feb-06
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-8057

Description

Multiple files caused full path disclosures on systems with enabled error reporting.

Affected Installs

Joomla! CMS versions 3.4.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Sim of tencent security

Read more

  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 3.7.0
  • Exploit type: SQL Injection
  • Reported Date: 2017-May-11
  • Fixed Date: 2017-May-17
  • CVE Number: CVE-2017-8917

Description

Inadequate filtering of request data leads to a SQL Injection vulnerability.

Affected Installs

Joomla! CMS versions 3.7.0

Solution

Upgrade to version 3.7.1

Contact

The JSST at the Joomla! Security Centre.

Reported By: Marc-Alexandre Montpas / sucuri.net

Read more

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.6.5
  • Exploit type: ACL Violation
  • Reported Date: 2017-March-01
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7989

Description

Inadequate mime type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Abdullah Hussam

Read more