  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 3.2.0 through 3.4.4
  • Exploit type: SQL Injection
  • Reported Date: 2015-October-15
  • Fixed Date: 2015-October-22
  • CVE Numbers: CVE-2015-7297, CVE-2015-7857, CVE-2015-7858

Description

Inadequate filtering of request data leads to a SQL Injection vulnerability.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.4.4

Solution

Upgrade to version 3.4.5

Contact

The JSST at the Joomla! Security Centre....

Reported By: Asaf Orpani of Trustwave and Netanel Rubin at PerimeterX


  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 3.2.0 through 3.4.4
  • Exploit type: ACL Violation
  • Reported Date: 2015-October-15
  • Fixed Date: 2015-October-22
  • CVE Number: CVE-2015-7859

Description

Inadequate ACL checks in com_contenthistory provide potential read access to data which should be access-restricted.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.4.4

Solution

Upgrade to version 3.4.5

Contact

The JSST at the Joomla! Security Centre....

Reported By: JSST


  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.4.0 through 3.4.3
  • Exploit type: XSS Vulnerability
  • Reported Date: 2015-August-18
  • Fixed Date: 2015-September-08
  • CVE Number: requested

Description

Inadequate escaping leads to an XSS vulnerability in the login module.

Affected Installs

Joomla! CMS versions 3.4.0 through 3.4.3

Solution

Upgrade to version 3.4.4

Contact

The JSST at the Joomla! Security Center....

Reported By: cfreer


  • Project: Joomla!
  • SubProject: CMS
  • Severity: Moderate
  • Versions: 3.0.0 through 3.4.4
  • Exploit type: ACL Violation
  • Reported Date: 2015-October-15
  • Fixed Date: 2015-October-22
  • CVE Number: CVE-2015-7899

Description

Inadequate ACL checks in com_content provide potential read access to data which should be access-restricted.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.4.4

Solution

Upgrade to version 3.4.5

Contact

The JSST at the Joomla! Security Centre....

Reported By: JSST


  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.4.1
  • Exploit type: CSRF Protection
  • Reported Date: 2015-April-06
  • Fixed Date: 2015-June-30
  • CVE Number: tbd

Description

Lack of CSRF checks potentially enabled the upload of malicious code.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.4.1

Solution

Upgrade to version 3.4.2

Contact

The JSST at the Joomla! Security Center....

Reported By: Eric Flokstra
