The essential news about content management systems and mobile technology.
Powered by Joocial, XT Search for Algolia, and SlimApps.

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.6.5
  • Exploit type: ACL Violation
  • Reported Date: 2017-March-01
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7989

Description

Inadequate mime type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Abdullah Hussam

Read more

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.6.0 through 3.6.5
  • Exploit type: ACL Violation
  • Reported Date: 2016-April-29
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7988

Description

Inadequate filtering of form contents lead allow to overwrite the author of an article.

Affected Installs

Joomla! CMS versions 1.6.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: T-Systems Multimedia Solutions

Read more

  • Project: Joomla!
  • SubProject: CMS

Description

Joomla! 3.6.5 includes additional security hardening mechanisms prepared by the JSST, thanks in part to issue reports from Fotis Evangelou and Nicholas Dionysopoulos, which restricts a user's ability to make potentially damaging configuration changes. This includes restricting the ability to set the "New User Registration Group" and "Guest User Group" to a group with Super User permissions and restricting the ability for a lesser privileged user to make user group assignment changes to users in a Super User group.

Additionally, we have modified the behavior of JUser::authorise() to only return a boolean value. Previously, this method could return either a boolean value or null because the underlying call to JAccess::check() can also return a null value; neither JUser::authorise() or JAccess::check() documented this though. We have determined that based on how the API is used that JUser::authorise() should only return a boolean value. If a developer requires the previous behavior of a null return value (which indicates an "implicit" denied state versus "explicit" signified by boolean false), they should use JAccess::check() instead. The documentation for JAccess::check() has been updated to indicate the null return value as well.

Contact

The JSST at the Joomla! Security Centre....

Read more

  • Project: Joomla!
  • Severity: High
  • Versions: 1.6.0 through 3.6.5
  • Exploit type: Remote Code Execution in PHPMailer library
  • CVE Number: CVE-2016-10033

Description

All versions of the PHPMailer library distributed with Joomla are vulnerable to a remote code execution vulnerability. This is patched in PHPMailer 5.2.18 which will be included with Joomla! 3.7. After analysis, the JSST has determined that through correct use of the JMail class, there are additional validations in place which make executing this vulnerability impractical within the Joomla environment. As well, the vulnerability requires being able to pass user input to a message’s “from” address; all places in the core Joomla API which send mail use the sender address set in the global configuration and does not allow for user input to be set elsewhere. However, extensions which bundle a separate version of PHPMailer or do not use the Joomla API to send email may be vulnerable to this issue.

Generally, the Joomla project does not issue advisories regarding third party libraries, however given the severity of this issue we felt it important to advise our users that we are aware of this issue and we have determined that the additional validations in our API prevent triggering this vulnerability.

Affected Installs

Joomla! CMS versions 1.6.0 through 3.6.5

Solution

No action required for Joomla users, the updated library will be included in the next scheduled release and additional mechanisms exist in Joomla core to prevent triggering the vulnerability. Users of the PHPMailer library separate from Joomla are advised to upgrade to 5.2.18 or newer ASAP.

Additional Resources

Contact

The JSST at the Joomla! Security Centre....

Reported By: Dawid Golunski

Read more

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.0.0 through 3.6.4
  • Exploit type: Information Disclosure
  • Reported Date: 2016-April-15
  • Fixed Date: 2016-December-06
  • CVE Number: CVE-2016-9837

Description

Inadequate ACL checks in the Beez3 com_content article layout override enables a user to view restricted content.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.6.4

Solution

Upgrade to version 3.6.5

Contact

The JSST at the Joomla! Security Centre....

Reported By: Christiaan Klatte and Brian Teeman

Read more