Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 2.5.0 through 3.9.2 Exploit type: Object Injection Reported Date: 2019-January-18 Fixed Date: 2019-February-12 CVE Number: CVE-2019-7743 Description The phar:// stream wrapper can be used for objection injection attacks. We now disallow usage of the phar:// handler for non .phar-files within the CMS globally by implementing the TYPO3 PHAR stream wrapper. Affected Installs Joomla! CMS versions 2.5.0 through 3.9.2 Solution Upgrade to version 3.9.3 Contact The JSST at the Joomla! Security Centre. Reported By: David Jardin (JSST) [20190206] - Core - Implement the TYPO3 PHAR stream wrapper
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 2.5.0 through 3.9.2 Exploit type: Object Injection Reported Date: 2019-January-18 Fixed Date: 2019-February-12 CVE Number: CVE-2019-7743 Description The phar:// stream wrapper can be used for objection injection attacks. We now disallow usage of the phar:// handler for non .phar-files within the CMS globally by implementing the TYPO3 PHAR stream wrapper. Affected Installs Joomla! CMS versions 2.5.0 through 3.9.2 Solution Upgrade to version 3.9.3 Contact The JSST at the Joomla! Security Centre. Reported By: David Jardin (JSST) - Zugriffe: 680