Joomla! Multiple Vulnerabilities
Release Date: 8 March 2021
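Risk: Medium Risk
Type: Servers - Other Servers
Multiple vulnerabilities were identified in Joomla!. A remote attacker could exploit these vulnerabilities to trigger data manipulation, cross-site scripting and security restriction bypass on the targeted system.
Impact
- Cross-Site Scripting
- Security Restriction Bypass
- Data Manipulation
Systems or Technologies Affected
- Joomla! CMS versions 1.6.0 to 3.9.24
Solutions
Before installing the software, please visit the vendor's website for more details.
- Update to version 3.9.25
Vulnerability Identifiers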
- CVE-2021-23126
- CVE-2021-23127
- CVE-2021-23128
- CVE-2021-23129
- CVE-2021-23130
- CVE-2021-23131
- CVE-2021-23132
- CVE-2021-26027
- CVE-2021-26028
- CVE-2021-26029
Source
Related Links
- http://www.auscert.org.au/bulletins/ESB-2021.0805
- https://developer.joomla.org/security-centre/845-20210305-core-input-validation-within-the-template-manager.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
- https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
- https://developer.joomla.org/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
- https://developer.joomla.org/security-centre/843-20210303-core-xss-within-alert-messages-showed-to-users.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
- https://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
- https://developer.joomla.org/security-centre/844-20210304-core-xss-within-the-feed-parser-library.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
- https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
- https://developer.joomla.org/security-centre/847-20210307-core-acl-violation-within-com-content-frontend-editing.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
- https://developer.joomla.org/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29