Joomla News
In diesem Bereich veröffentlichen wir unser News zum Thema Joomla! und seinen unzähligen Erweiterungen GOTO https://extensions.joomla.org
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! / Joomla! Framework SubProject: CMS / archive Impact: Moderate Severity: Low Probability: Low Versions: 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0 Exploit type: Path Traversal Reported Date: 2022-02-20 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23793 Description Extracting an specifilcy crafted tar package could write files outside of the intended path. Affected Installs Joomla! CMS versions 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0 Solution Upgrade to version 3.10.7 or 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: Egidio Romano...
- Zugriffe: 138
Weiterlesen: [20220301] - Core - Zip Slip within the Tar extractor
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! / Joomla! Framework SubProject: CMS / filesystem Impact: Low Severity: Low Probability: Low Versions: 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0 Exploit type: Path Disclosure Reported Date: 2021-02-17 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23794 Description Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application. Affected Installs Joomla! CMS versions 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0 Solution Upgrade to version 3.10.7 or 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: DangKhai from Viettel Cyber Security...
- Zugriffe: 146
Weiterlesen: [20220302] - Core - Path Disclosure within filesystem error messages
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: High Severity: Low Probability: Low Versions: 2.5.0 - 3.10.6 & 4.0.0 - 4.1.0 Exploit type: Incorrect Access Control Reported Date: 2020-09-23 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23795 Description A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover. Affected Installs Joomla! CMS versions 2.5.0 - 3.10.6 & 4.0.0 - 4.1.0 Solution Upgrade to version 3.10.7 or 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: Phil Taylor...
- Zugriffe: 147
Weiterlesen: [20220303] - Core - User row are not bound to a authentication mechanism
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Probability: Low Versions: 3.7.0 - 3.10.6 Exploit type: XSS Reported Date: 2021-05-06 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23796 Description Lack of input validation could allow an XSS attack using com_fields Affected Installs Joomla! CMS versions 3.7.0 - 3.10.6 Solution Upgrade to version 3.10.7 Contact The JSST at the Joomla! Security Centre. Reported By: Hoàng Nguyễn...
- Zugriffe: 133
Weiterlesen: [20220304] - Core - Missing input validation within com_fields class inputs
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: High Severity: Low Probability: Low Versions: 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0 Exploit type: SQL Injection Reported Date: 2021-03-04 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23797 Description Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection. Affected Installs Joomla! CMS versions 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0 Solution Upgrade to version 3.10.7 & 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: Hoàng Nguyễn...
- Zugriffe: 139
Weiterlesen: [20220305] - Core - Inadequate filtering on the selected Ids
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! / Joomla! Framework SubProject: CMS / input Impact: Moderate Severity: Low Probability: Low Versions: 4.0.0 - 4.1.0 Exploit type: Variable Tampering Reported Date: 2021-11-05 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23799 Description Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data. Affected Installs Joomla! CMS versions 4.0.0 - 4.1.0 Solution Upgrade to version 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: Nicholas K. Dionysopoulos, Phil Taylor...
- Zugriffe: 184
Weiterlesen: [20220307] - Core - Variable Tampering on JInput $_REQUEST data
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Probability: Low Versions: 2.5.0 - 3.10.6 & 4.0.0 - 4.1.0 Exploit type: Open redirect Reported Date: 2021-03-23 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23798 Description Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not. Affected Installs Joomla! CMS versions 2.5.0 - 3.10.6 & 4.0.0 - 4.1.0 Solution Upgrade to version 3.10.7 & 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: Loïc LE MÉTAYER...
- Zugriffe: 140
Weiterlesen: [20220306] - Core - Inadequate validation of internal URLs
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Probability: Low Versions: 4.0.0 - 4.1.0 Exploit type: XSS Reported Date: 2021-08-25 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23801 Description Possible XSS attack vector through SVG embedding in com_media. Affected Installs Joomla! CMS versions 4.0.0 - 4.1.0 Solution Upgrade to version 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: Julia Polner, Simon Stockhause...
- Zugriffe: 142
Weiterlesen: [20220309] - Core - XSS attack vector through SVG
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! / Joomla! Framework SubProject: CMS / filter Impact: Moderate Severity: Low Probability: Low Versions: 4.0.0 - 4.1.0 Exploit type: XSS Reported Date: 2022-01-19 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23800 Description Inadequate content filtering leads to XSS vulnerabilities in various components. Affected Installs Joomla! CMS versions 4.0.0 - 4.1.0 Solution Upgrade to version 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: Sebastian Morris, pwnCTRL...
- Zugriffe: 150
Weiterlesen: [20220308] - Core - Inadequate content filtering within the filter code
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Moderate Severity: High Versions: 4.0.0 Exploit type: Incorrect Access Control Reported Date: 2021-08-20 Fixed Date: 2021-08-24 CVE Number: CVE-2021-26040 Description The media manager does not correctly check the user's permissions before executing a file deletion command. Affected Installs Joomla! CMS versions 4.0.0 Solution Upgrade to version 4.0.1 Contact The JSST at the Joomla! Security Centre. Reported By: Maverick...
- Zugriffe: 351
Weiterlesen: [20210801] - Core - Insufficient access control for com_media deletion endpoint
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 3.0.0 - 3.9.27 Exploit type: XSS Reported Date: 2021-05-29 Fixed Date: 2021-07-06 CVE Number: CVE-2021-26035 Description Inadequate escaping in the Rules field of the JForm API leads to a XSS vulnerability. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.27 Solution Upgrade to version 3.9.28 Contact The JSST at the Joomla! Security Centre. Reported By: Hoang Nguyen...
- Zugriffe: 337
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 2.5.0 - 3.9.27 Exploit type: DoS Reported Date: 2021-06-08 Fixed Date: 2021-07-06 CVE Number: CVE-2021-26036 Description Missing validation of input could lead to a broken usergroups table. Affected Installs Joomla! CMS versions 2.5.0 - 3.9.27 Solution Upgrade to version 3.9.28 Contact The JSST at the Joomla! Security Centre. Reported By: Hoang Kien from VSEC...
- Zugriffe: 348
Weiterlesen: [20210702] - Core - DoS through usergroup table manipulation
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 2.5.0 - 3.9.27 Exploit type: Incorrect Session Handling Reported Date: 2019-02-08 Fixed Date: 2021-07-06 CVE Number: CVE-2021-26037 Description Various CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked. Affected Installs Joomla! CMS versions 2.5.0 - 3.9.27 Solution Upgrade to version 3.9.28 Contact The JSST at the Joomla! Security Centre. Reported By: Carsten Schmitz, Atik Islam, Dennis Hermatski, Muhammad Hussain, th3lawbreaker, Hoang Kien...
- Zugriffe: 370
Weiterlesen: [20210703] - Core - Lack of enforced session termination
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 2.5.0 - 3.9.27 Exploit type: Incorrect Access Control Reported Date: 2021-06-06 Fixed Date: 2021-07-06 CVE Number: CVE-2021-26038 Description Install action in com_installer lack the required hardcoded ACL checks for superusers, leading to various potential attack vectors. A default system is not affected cause by default com_installer is limited to super users already. Affected Installs Joomla! CMS versions 2.5.0 - 3.9.27 Solution Upgrade to version 3.9.28 Contact The JSST at the Joomla! Security Centre. Reported By: Nicholas Dionysopoulos...
- Zugriffe: 345
Weiterlesen: [20210704] - Core - Privilege escalation through com_installer
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.0.0 - 3.9.27 Exploit type: XSS Reported Date: 2021-06-22 Fixed Date: 2021-07-06 CVE Number: CVE-2021-26039 Description Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.27 Solution Upgrade to version 3.9.28 Contact The JSST at the Joomla! Security Centre. Reported By: Hagai Wechsler / WhiteSourceSoftware...
- Zugriffe: 348
- Details
- Marcel Würsch
- Kategorie: Joomla News
Zeigen Sie Ihren Besuchern einen Cookie-Alarm gemäß der Gesetzgebung der Europäischen Union
und blockieren Sie die Cookies bis zur Annahme.
https://extensions.joomla.org/extension/cookies-ck/
Blockiert die Cookies, bis der Benutzer auf die Schaltfläche klickt, um sie zu akzeptieren
Zeigt ein kleines Cookie-Symbol an, um die Benutzerauswahl zu aktualisieren
Legen Sie eine Artikel-ID für den Weiterlesen-Link fest
Kompatible Mehrsprachigkeit für Artikelassoziation
Schreiben Sie Ihren eigenen Text, indem Sie die Sprachdateien bearbeiten
Die nicht aufdringliche Integration drückt den Inhalt nach unten und verbirgt Ihren Website-Bereich nicht
Farboptionen im Plugin-Admin-Panel
- Zugriffe: 415
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 3.0.0 - 3.9.26 Exploit type: XSS Reported Date: 2021-03-05 Fixed Date: 2021-05-25 CVE Number: CVE-2021-26032 Description HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.26 Solution Upgrade to version 3.9.27 Contact The JSST at the Joomla! Security Centre. Reported By: Adrian Tiron, Fortbridge...
- Zugriffe: 388
Weiterlesen: [20210501] - Core - Adding HTML to the executable block list of...
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 3.0.0 - 3.9.26 Exploit type: CSRF Reported Date: 2021-05-07 Fixed Date: 2021-05-25 CVE Number: CVE-2021-26033 Description A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.26 Solution Upgrade to version 3.9.27 Contact The JSST at the Joomla! Security Centre. Reported By: Phil Taylor...
- Zugriffe: 356
Weiterlesen: [20210502] - Core - CSRF in AJAX reordering endpoint
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 3.0.0 - 3.9.26 Exploit type: CSRF Reported Date: 2021-05-07 Fixed Date: 2021-05-25 CVE Number: CVE-2021-26034 Description A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.26 Solution Upgrade to version 3.9.27 Contact The JSST at the Joomla! Security Centre. Reported By: Phil Taylor...
- Zugriffe: 337
Weiterlesen: [20210503] - Core - CSRF in data download endpoints
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Connect with your website visitors for free with the 3CX Live Chat plugin. Increase conversions and boost customer satisfaction by communicating directly with your website visitors in real-time. Integrate with 3CX for a multichannel communications suite including voice and video (requires 3CX V16). Get 3CX for free ( https://www.3cx.com/phone-system/download-phone-system/ ) for one year for unlimited users hosted by 3CX, in your own cloud account or on-premise on Windows or Linux. - Easy and convenient for visitors - Build rapport with potential customers via live chat - Increase sales - Reduce customer support line costs by using live chat - Learn to understand the pain points of your customers FEATURES No hidden costs, it’s free Unlimited agents Live chat with your website visitors Transfer chats to other agents Set up departments Easy to use interface for both the admin and the visitor Fully customizable chat box Create a custom offline message form Storage of offline...
- Zugriffe: 399