Sábado 04 de Mayo de 2024
JV color JV color JV color

You are here: Home News Feeds Joomla! Security News
Newsfeeds
Security Announcements


  • [20210402] - Core - Inadequate filters on module layout settings
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0 - 3.9.25
    • Exploit type: LFI
    • Reported Date: 2021-01-03
    • Fixed Date: 2021-04-13
    • CVE Number: CVE-2021-26031

    Description

    Inadequate filters on module layout settings could lead to an LFI.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.25

    Solution

    Upgrade to version 3.9.26

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Lee Thao from Viettel Cyber Security


  • [20210401] - Core - Escape xss in logo parameter error pages
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0 - 3.9.25
    • Exploit type: XSS
    • Reported Date: 2021-03-09
    • Fixed Date: 2021-04-13
    • CVE Number: CVE-2021-26030

    Description

    Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error pages.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.25

    Solution

    Upgrade to version 3.9.26

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: HOANG NGUYEN


  • [20210307] - Core - ACL violation within com_content frontend editing
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.0.0 - 3.9.24
    • Exploit type: ACL violation
    • Reported Date: 2020-10-25
    • Fixed Date: 2021-03-02
    • CVE Number: CVE-2021-26027

    Description

    Incorrect ACL checks could allow unauthorized change of the category for an article.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.24

    Solution

    Upgrade to version 3.9.25

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Brian Teeman, George Wilson (JSST), David Jardin (JSST)


  • [20210306] - Core - com_media allowed paths that are not intended for image uploads
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.0.0 - 3.9.24
    • Exploit type: Improper Input Validation
    • Reported Date: 2020-02-17
    • Fixed Date: 2021-03-02
    • CVE Number: CVE-2021-23132

    Description

    com_media allowed paths that are not intended for image uploads.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.24

    Solution

    Upgrade to version 3.9.25

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hoang Kien from VSEC


  • [20210305] - Core - Input validation within the template manager
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.2.0 - 3.9.24
    • Exploit type: Improper Input Validation
    • Reported Date: 2020-05-07
    • Fixed Date: 2021-03-02
    • CVE Number: CVE-2021-23131

    Description

    Missing input validation within the template manager.

    Affected Installs

    Joomla! CMS versions 3.2.0 - 3.9.24

    Solution

    Upgrade to version 3.9.25

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Bui Duc Anh Khoa from Viettel Cyber Security

Top Sellers

Demo 3Duis odio. Vestibulum mattis nisi consequat lectus. In purus.
Leer más...

Product Categories

Monitor Mouse and Keyboard Laptop

VirtueMart Shopping Cart

Show Cart
Your Cart is currently empty.

Latest News