Joomla Security Announcements

Security Patch information from joomla.org.  Joomla User Group Chicago North (JUGCN) is not responsible for the content.

    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 1.7.0-3.9.15
    • Exploit type: SQL Injection
    • Reported Date: 2020-March-9
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10243

    Description

    The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the "Featured Articles" frontend menutype.

    Affected Installs

    Joomla! CMS versions 1.7.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Sam Thomas, Pentest.co.uk

    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.0.0-3.9.15
    • Exploit type: Other
    • Reported Date: 2020-February-07
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10240

    Description

    Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Lee Thao from Viettel Cyber Security

    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.7.0-3.9.15
    • Exploit type: Incorrect Access Control
    • Reported Date: 2020-February-28
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10239

    Description

    Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.

    Affected Installs

    Joomla! CMS versions 3.7.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hoang Kien from VSEC

    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 2.5.0-3.9.15
    • Exploit type: Incorrect Access Control
    • Reported Date: 2020-January-31
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10238

    Description

    Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hoang Kien from VSEC

    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.0.0-3.9.15
    • Exploit type: XSS
    • Reported Date: 2020-February-24
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10242

    Description

    Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Pham Van Khanh