News Feed Category

Joomla! Security News

    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.9.0-3.9.14
    • Exploit type: XSS
    • Reported Date: 2019-December-25
    • Fixed Date: 2020-January-28
    • CVE Number: CVE-2020-8421

    Description

    Inadequate escaping of usernames allows XSS attacks in com_actionlogs.

    Affected Installs

    Joomla! CMS versions 3.9.0 - 3.9.14

    Solution

    Upgrade to version 3.9.15

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Mayank Kumbhar from Techjoomla

    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.0.0-3.9.14
    • Exploit type: CSRF
    • Reported Date: 2019-December-18
    • Fixed Date: 2020-January-28
    • CVE Number: CVE-2020-8420

    Description

    A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.14

    Solution

    Upgrade to version 3.9.15

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Lee Thao from Viettel Cyber Security

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.0.0-3.9.14
    • Exploit type: CSRF
    • Reported Date: 2019-December-23
    • Fixed Date: 2020-January-28
    • CVE Number: CVE-2020-8419

    Description

    Missing token checks in the batch actions of various components cause CSRF vulnerabilities.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.14

    Solution

    Upgrade to version 3.9.15

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Lee Thao from Viettel Cyber Security

    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 2.5.0 - 3.9.13
    • Exploit type: SQL injection
    • Reported Date: 2019-December-01
    • Fixed Date: 2019-December-17
    • CVE Number: CVE-2019-19846

    Description

    The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.13

    Solution

    Upgrade to version 3.9.14

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: ka1n4t

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.8.0 - 3.9.13
    • Exploit type: Path Disclosure
    • Reported Date: 2019-November-22
    • Fixed Date: 2019-December-17
    • CVE Number: CVE-2019-19845

    Description

    Missing access check in framework files could lead to a path disclosure.

    Affected Installs

    Joomla! CMS versions 3.8.0 - 3.9.13

    Solution

    Upgrade to version 3.9.14

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Lee Thao, Viettel Cyber Security
