News Feed Category

    Você está aqui:  
  1. Página Principal
  2. PRODUTOS
  3. 4
  4. News Feeds Component
  5. News Feed Category
  6. Joomla! Security News

Joomla! Security News

  1. [20200802] - Core - Open redirect in com_content vote feature

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.20
    • Exploit type: Open Redirect
    • Reported Date: 2020-July-05
    • Fixed Date: 2020-August-25
    • CVE Number: CVE-2020-24598

    Description

    Lack of input validation in com_content leads to an open redirect.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.20

    Solution

    Upgrade to version 3.9.21

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Ahmad Kamaran Jamil

  2. [20200803] - Core - Directory traversal in com_media

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 2.5.0-3.9.20
    • Exploit type: Directory Traversal
    • Reported Date: 2020-February-02
    • Fixed Date: 2020-August-25
    • CVE Number: CVE-2020-24597

    Description

    Lack of input validation allows com_media root paths outside of the webroot.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.20

    Solution

    Upgrade to version 3.9.21

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hoang Kien from VSEC

  3. [20200801] - Core - XSS in mod_latestactions

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.9.0-3.9.20
    • Exploit type: XSS
    • Reported Date: 2020-August-21
    • Fixed Date: 2020-August-25
    • CVE Number: CVE-2020-24599

    Description

    Lack of escaping in mod_latestactions allows XSS attacks.

    Affected Installs

    Joomla! CMS versions 3.9.0 - 3.9.20

    Solution

    Upgrade to version 3.9.21

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Peter Martin

  4. [20200706] - Core - System Information screen could expose redis or proxy credentials

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.19
    • Exploit type: Information Disclosure
    • Reported Date: 2020-Jun-17
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15698

    Description

    Inadequate filtering in the system information screen could expose redis or proxy credentials

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Phil Taylor

  5. [20200705] - Core - Escape mod_random_image link

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.19
    • Exploit type: XSS
    • Reported Date: 2020-Jun-08
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15696

    Description

    Lack of input filtering and escaping allows XSS attacks in mod_random_image

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Phil Taylor

Piter Pan Indústria e Comércio Ltda.

R. Solon, 1100 - B. Retiro S. Paulo/SP Brasil
Código Postal: 01127-010
Tel: 55 11 - 3357-0000
piterpan@piterpan.com.br
© 2016 Piter Pan. All Rights Reserved.

Search