See other templatesSee other templates

Joomla! Security News

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.6.0 - 3.9.12
    • Exploit type: Path Disclosure
    • Reported Date: 2019-November-01
    • Fixed Date: 2019-November-05
    • CVE Number: CVE-2019-18674

    Description

    Missing access check in the phputf8 mapping files could lead to an path disclosure.

    Affected Installs

    Joomla! CMS versions 3.6.0 - 3.9.12

    Solution

    Upgrade to version 3.9.13

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Phil Taylor
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.2.0-3.9.12
    • Exploit type: CSRF
    • Reported Date: 2019-October-10
    • Fixed Date: 2019-November-05
    • CVE Number: CVE-2019-18650

    Description

    A missing token check in com_template causes a CSRF vulnerability.

    Affected Installs

    Joomla! CMS versions 3.2.0 - 3.9.12

    Solution

    Upgrade to version 3.9.13

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Lee Thao from Viettel Cyber Security
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.0.0-3.9.11
    • Exploit type: XSS
    • Reported Date: 2019-August-28
    • Fixed Date: 2019-September-24
    • CVE Number: CVE-2019-16725

    Description

    Inadequate escaping allowed XSS attacks using the logo parameter of the default templates.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.11

    Solution

    Upgrade to version 3.9.12

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Aswin M Guptha
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 1.6.2 - 3.9.10
    • Exploit type: Incorrect Access Control
    • Reported Date: 2019-April-09
    • Fixed Date: 2019-August-13
    • CVE Number: CVE-2019-15028

    Description

    Inadequate checks in com_contact could allowed mail submission in disabled forms.

    Affected Installs

    Joomla! CMS versions 1.6.2 - 3.9.10

    Solution

    Upgrade to version 3.9.11

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Sergey Brester
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.9.7 - 3.9.8
    • Exploit type: Remote Code Execution
    • Reported Date: 2019-June-20
    • Fixed Date: 2019-July-09
    • CVE Number: CVE-2019-14654

    Description

    Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.

    Affected Installs

    Joomla! CMS versions 3.9.7 - 3.9.8

    Solution

    Upgrade to version 3.9.9

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By:Benjamin Trenkle, JSST
showcase
like-icon

Great Docs & Support

In addition to comprehensive documentations in PDF format, you also get support from friendly forum and dedicated support system.

Download docs

Free

Free Edition

In the case you are on tight budget or just want to taste this template before paying. We have free edition for you to download right now.

Download Free edition

Pro

FRO Edition

If you are serious about your time and money, consider to buy PRO edition to get full featured template and dedicated support service.

Buy PRO edition

Ga naar boven