Joomla News
In diesem Bereich veröffentlichen wir unser News zum Thema Joomla! und seinen unzähligen Erweiterungen GOTO https://extensions.joomla.org
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Critical Severity: High Probability: High Versions: 4.0.0-4.2.7 Exploit type: Incorrect Access Control Reported Date: 2023-02-13 Fixed Date: 2023-02-16 CVE Number: CVE-2023-23752 Description An improper access check allows unauthorized access to webservice endpoints. Affected Installs Joomla! CMS versions 4.0.0-4.2.7 Solution Upgrade to version 4.2.8 Contact The JSST at the Joomla! Security Centre. Reported By: Zewei Zhang from NSFOCUS TIANJI Lab...
- Zugriffe: 60
Weiterlesen: [20230201] - Core - Improper access check in webservice endpoints
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
J-BusinessDirectory, 5.7.7 and prior, 3rd party extension, Other*** In the J-BusinessDirectory version 5.8.3 we have updated guzzlehttp to the latest version, 7.5.0 and to PSR 2.1.5....
- Zugriffe: 36
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login , 5.0.2, 3rd party extension, Other...
- Zugriffe: 59
Weiterlesen: LDAP Integration with Active Directory and OpenLDAP - NTLM Kerberos Login , 5.0.2,...
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Probability: Low Versions: 4.0.0-4.2.4 Exploit type: Reflexted XSS Reported Date: 2022-10-28 Fixed Date: 2022-11-08 CVE Number: CVE-2022-27914 Description Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.. Affected Installs Joomla! CMS versions 4.0.0-4.2.4 Solution Upgrade to version 4.2.5 Contact The JSST at the Joomla! Security Centre. Reported By: https://github.com/Denitz...
- Zugriffe: 170
Weiterlesen: [20221101] - Core - RXSS through reflection of user input in com_media
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Probability: Low Versions: 4.0.0-4.2.6 Exploit type: CSRF Reported Date: 2022-12-24 Fixed Date: 2023-01-31 CVE Number: CVE-2023-23750 Description A missing token check causes a CSRF vulnerability in the handling of post-installation messages. Affected Installs Joomla! CMS versions 4.0.0-4.2.6 Solution Upgrade to version 4.2.7 Contact The JSST at the Joomla! Security Centre. Reported By: Faizan Wani...
- Zugriffe: 109
Weiterlesen: [20230101] - Core - CSRF within post-installation messages
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Probability: Low Versions: 4.0.0-4.2.6 Exploit type: Incorrect Access Control Reported Date: 2023-01-01 Fixed Date: 2023-01-31 CVE Number: CVE-2023-23751 Description A missing ACL check allows non super-admin users to access com_actionlogs. Affected Installs Joomla! CMS versions 4.0.0-4.2.6 Solution Upgrade to version 4.2.7 Contact The JSST at the Joomla! Security Centre. Reported By: Faizan Wani...
- Zugriffe: 116
Weiterlesen: [20230102] - Core - Missing ACL checks for com_actionlogs
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Critical Severity: Low Probability: Low Versions: 4.0.0-4.2.3 Exploit type: Information Disclosure Reported Date: 2022-10-13 Fixed Date: 2022-10-25 CVE Number: CVE-2022-27912 Description Joomla 4 sites with publicly enabled debug mode exposed data of previous requests. Affected Installs Joomla! CMS versions 4.0.0-4.2.3 Solution Upgrade to version 4.2.4 Contact The JSST at the Joomla! Security Centre. Reported By: Peter Martin...
- Zugriffe: 216
Weiterlesen: [20221001] - Core - Disclosure of critical information in debug mode
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Probability: Low Versions: 4.0.0-4.2.3 Exploit type: Reflexted XSS Reported Date: 2022-10-07 Fixed Date: 2022-10-25 CVE Number: CVE-2022-27913 Description Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components. Affected Installs Joomla! CMS versions 4.0.0-4.2.3 Solution Upgrade to version 4.2.4 Contact The JSST at the Joomla! Security Centre. Reported By: Ajith Menon...
- Zugriffe: 209
Weiterlesen: [20221002] - Core - RXSS through reflection of user input in headings
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
JKassa, 2.0.0, 3rd party extension, SQL Injection Update to latest version https://jkassa.com/en/extensions/jkassa.html...
- Zugriffe: 206
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
JoomRecipe, 4.2.2, 3rd party extension, XSS (Cross Site Scripting) joomrecipe v4.2.2 issue with XSS vulnerability was fixed in last version 4.2.4 today , check out here: https://www.joomboost.com/blog-updates/joomrecipe-v4-2-2-security-announcement.html...
- Zugriffe: 150
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
jCart for OpenCart, jCart for OpenCart 3.0.3.19, 3rd party extension, XSS (Cross Site Scripting) Here is the link on our site: https://extensions.soft-php.com/support/latest-news/79-joocart-jcart-30325-release-notice.html...
- Zugriffe: 146
Weiterlesen: jCart for OpenCart, jCart for OpenCart 3.0.3.19, XSS (Cross Site Scripting)
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
EDocman, 1.23.3, 3rd party extension, XSS (Cross Site Scripting) Version: Old 1.23.3 / New 1.23.4Update details: New Edocman version includes XSS vulnerability issue fixed. The issue comes from Edocman search function. Update URL: https://joomdonation.com/forum/edocman/73605-30th-september-2022-new-version-1-23-4-fix-xss-vulnerability-issue.html...
- Zugriffe: 152
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
EShop Joomla Shopping-Cart, 3.6.0, 3rd party extension, XSS (Cross Site Scripting) Extension: EShopVersion: Old 3.6.0 / New 3.6.1Update details: Update version 3.6.1 to fix the vulnerable issue of filter view.Update URL: https://joomdonation.com/forum/released-versions/73450-eshop-version-3-6-0-released.html#153923 ...
- Zugriffe: 156
Weiterlesen: EShop Joomla Shopping-Cart, 3.6.0, XSS (Cross Site Scripting)
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Probability: Low Versions: 4.2.0 Exploit type: Path Disclosure Reported Date: 2022-08-27 Fixed Date: 2022-08-30 CVE Number: CVE-2022-27911 Description Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes done in 4.2.0. According to PROD2020/023 and in coordination with the JSST this has been patched in the public tracker vis #38615 Affected Installs Joomla! CMS versions 4.2.0 Solution Upgrade to version 4.2.1 Contact The JSST at the Joomla! Security Centre. Reported By: SharkyKZ...
- Zugriffe: 324
Weiterlesen: [20220801] - Core - Multiple Full Path Disclosures because of missing '_JEXEC or...
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
easyblog, , 3rd party extension, Other User Error...
- Zugriffe: 145
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
JUX Timetable, 1.0.4, 3rd party extension, SQL Injection...
- Zugriffe: 356
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
ZH Googlemap, 11.22.3.1, 3rd party extension, XSS (Cross Site Scripting)...
- Zugriffe: 350
Weiterlesen: ZH Googlemap, 11.22.3.1, XSS (Cross Site Scripting)
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! / Joomla! Framework SubProject: CMS / archive Impact: Moderate Severity: Low Probability: Low Versions: 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0 Exploit type: Path Traversal Reported Date: 2022-02-20 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23793 Description Extracting an specifilcy crafted tar package could write files outside of the intended path. Affected Installs Joomla! CMS versions 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0 Solution Upgrade to version 3.10.7 or 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: Egidio Romano...
- Zugriffe: 568
Weiterlesen: [20220301] - Core - Zip Slip within the Tar extractor
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! / Joomla! Framework SubProject: CMS / filesystem Impact: Low Severity: Low Probability: Low Versions: 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0 Exploit type: Path Disclosure Reported Date: 2021-02-17 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23794 Description Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application. Affected Installs Joomla! CMS versions 3.0.0 - 3.10.6 & 4.0.0 - 4.1.0 Solution Upgrade to version 3.10.7 or 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: DangKhai from Viettel Cyber Security...
- Zugriffe: 580
Weiterlesen: [20220302] - Core - Path Disclosure within filesystem error messages
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: High Severity: Low Probability: Low Versions: 2.5.0 - 3.10.6 & 4.0.0 - 4.1.0 Exploit type: Incorrect Access Control Reported Date: 2020-09-23 Fixed Date: 2022-03-29 CVE Number: CVE-2022-23795 Description A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover. Affected Installs Joomla! CMS versions 2.5.0 - 3.10.6 & 4.0.0 - 4.1.0 Solution Upgrade to version 3.10.7 or 4.1.1 Contact The JSST at the Joomla! Security Centre. Reported By: Phil Taylor...
- Zugriffe: 591
Weiterlesen: [20220303] - Core - User row are not bound to a authentication mechanism