Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 3.7.0-3.9.19 Exploit type: CSRF Reported Date: 2020-May-07 Fixed Date: 2020-July-14 CVE Number: CVE-2020-XXXXX Description A missing token check in the ajax_install endpoint com_installer causes a CSRF vulnerability. Affected Installs Joomla! CMS versions 3.7.0 - 3.9.19 Solution Upgrade to version 3.9.20 Contact The JSST at the Joomla! Security Centre. Reported By: Bui Duc Anh Khoa from Viettel Cyber Security [20200701] - Core - CSRF in com_installer ajax_install endpoint
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 3.7.0-3.9.19 Exploit type: CSRF Reported Date: 2020-May-07 Fixed Date: 2020-July-14 CVE Number: CVE-2020-XXXXX Description A missing token check in the ajax_install endpoint com_installer causes a CSRF vulnerability. Affected Installs Joomla! CMS versions 3.7.0 - 3.9.19 Solution Upgrade to version 3.9.20 Contact The JSST at the Joomla! Security Centre. Reported By: Bui Duc Anh Khoa from Viettel Cyber Security - Zugriffe: 352