Joomla! Multiple Vulnerabilities
Last Update Date:
13 Mar 2020 09:51
Release Date:
13 Mar 2020
5704
Views
RISK: Medium Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities have been identified in Joomla!. A remote user can exploit these vulnerabilities to trigger remote code execution, security restriction bypass and cross site scripting on the targeted system.
Impact
- Cross-Site Scripting
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
Joomla! CMS versions:
- 2.5.0 - 3.9.15 (CVE-2020-10238)
- 3.7.0 - 3.9.15 (CVE-2020-10239)
- 3.0.0 - 3.9.15 (CVE-2020-10240)
- 3.2.0 - 3.9.15 (CVE-2020-10241)
- 3.0.0 - 3.9.15 (CVE-2020-10242)
- 1.7.0 - 3.9.15 (CVE-2020-10243)
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Upgrade to 3.9.16
Vulnerability Identifier
Source
Related Link
- https://developer.joomla.org/security-centre/807-20200306-core-sql-injection-in-featured-articles-menu-parameters.html
- https://developer.joomla.org/security-centre/805-20200304-core-identifier-collisions-in-com-users.html
- https://developer.joomla.org/security-centre/806-20200305-core-incorrect-access-control-in-com-fields-sql-field.html
- https://developer.joomla.org/security-centre/804-20200303-core-incorrect-access-control-in-com-templates.html
- https://developer.joomla.org/security-centre/803-20200302-core-xss-in-protostar-and-beez3.html
- https://developer.joomla.org/security-centre/802-20200301-core-csrf-in-com-templates-image-actions.html
- https://www.auscert.org.au/bulletins/ESB-2020.0900/
Share with