• +54 9 2657 529169
  • fernando@estudiomarketing.com.ar

    News Feed Category

    Joomla! Security News

      • Project: Joomla!
      • SubProject: CMS
      • Impact: High
      • Severity: Low
      • Versions: 3.7.0 through 3.8.3
      • Exploit type: SQLi
      • Reported Date: 2017-November-17
      • Fixed Date: 2018-January-30
      • CVE Number: CVE-2018-6376

      Description

      The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.

      Affected Installs

      Joomla! CMS versions 3.7.0 through 3.8.3

      Solution

      Upgrade to version 3.8.4

      Contact

      The JSST at the Joomla! Security Centre.

      Reported By: Karim Ouerghemmi, ripstech.com
      • Project: Joomla!
      • SubProject: CMS
      • Impact: Moderate
      • Severity: Low
      • Versions: 1.5.0 through 3.8.3
      • Exploit type: XSS
      • Reported Date: 2017-November-17
      • Fixed Date: 2018-January-30
      • CVE Number: CVE-2018-6379

      Description

      Inadequate input filtering in the Uri class (formerly JUri) leads to a XSS vulnerability.

      Affected Installs

      Joomla! CMS versions 1.5.0 through 3.8.3

      Solution

      Upgrade to version 3.8.4

      Contact

      The JSST at the Joomla! Security Centre.

      Reported By: Octavian Cinciu
      • Project: Joomla!
      • SubProject: CMS
      • Impact: Moderate
      • Severity: Low
      • Versions: 3.7.0 through 3.8.3
      • Exploit type: XSS
      • Reported Date: 2018-January-20
      • Fixed Date: 2018-January-30
      • CVE Number: CVE-2018-6377

      Description

      Inadequate input filtering in com_fields leads to a XSS vulnerability in multiple field types, i.e. list, radio and checkbox.

      Affected Installs

      Joomla! CMS versions 3.7.0 through 3.8.3

      Solution

      Upgrade to version 3.8.4

      Contact

      The JSST at the Joomla! Security Centre.

      Reported By:Benjamin Trenkle, JSST
      • Project: Joomla!
      • SubProject: CMS
      • Impact: Moderate
      • Severity: Low
      • Versions: 3.0.0 through 3.8.3
      • Exploit type: XSS
      • Reported Date: 2018-January-21
      • Fixed Date: 2018-January-30
      • CVE Number: CVE-2018-6380

      Description

      Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.

      Affected Installs

      Joomla! CMS versions 3.0.0 through 3.8.3

      Solution

      Upgrade to version 3.8.4

      Contact

      The JSST at the Joomla! Security Centre.

      Reported By: David Jardin, JSST
      • Project: Joomla!
      • SubProject: CMS
      • Severity: Low
      • Versions: 3.7.0 through 3.8.1
      • Exploit type: Information Disclosure
      • Reported Date: 2017-May-17
      • Fixed Date: 2017-November-07
      • CVE Number: CVE-2017-16633

      Description

      A logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.

      Affected Installs

      Joomla! CMS versions 3.7.0 through 3.8.1

      Solution

      Upgrade to version 3.8.2

      Contact

      The JSST at the Joomla! Security Centre.

      Reported By: Internal JSST audit

    About Helix

    Ball tip biltong pork belly frankfurter shankle jerky leberkas pig kielbasa kay boudin alcatra short loin.

    Jowl salami leberkas turkey pork brisket meatball turducken flank bilto porke belly ball tip. pork belly frankf urtane bilto