Informations de sécurité Joomla!
-
[20200306] - Core - SQL injection in Featured Articles menu parameters
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 1.7.0-3.9.15
- Exploit type: SQL Injection
- Reported Date: 2020-March-9
- Fixed Date: 2020-March-10
- CVE Number: CVE-2020-10243
Description
The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the "Featured Articles" frontend menutype.
Affected Installs
Joomla! CMS versions 1.7.0 - 3.9.15
Solution
Upgrade to version 3.9.16
Contact
The JSST at the Joomla! Security Centre.
Reported By:Sam Thomas, Pentest.co.uk -
[20200304] - Core - Identifier collisions in com_users
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 3.0.0-3.9.15
- Exploit type: Other
- Reported Date: 2020-February-07
- Fixed Date: 2020-March-10
- CVE Number: CVE-2020-10240
Description
Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.15
Solution
Upgrade to version 3.9.16
Contact
The JSST at the Joomla! Security Centre.
Reported By:Lee Thao from Viettel Cyber Security -
[20200305] - Core - Incorrect Access Control in com_fields SQL field
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 3.7.0-3.9.15
- Exploit type: Incorrect Access Control
- Reported Date: 2020-February-28
- Fixed Date: 2020-March-10
- CVE Number: CVE-2020-10239
Description
Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.
Affected Installs
Joomla! CMS versions 3.7.0 - 3.9.15
Solution
Upgrade to version 3.9.16
Contact
The JSST at the Joomla! Security Centre.
Reported By:Hoang Kien from VSEC -
[20200303] - Core - Incorrect Access Control in com_templates
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 2.5.0-3.9.15
- Exploit type: Incorrect Access Control
- Reported Date: 2020-January-31
- Fixed Date: 2020-March-10
- CVE Number: CVE-2020-10238
Description
Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.
Affected Installs
Joomla! CMS versions 2.5.0 - 3.9.15
Solution
Upgrade to version 3.9.16
Contact
The JSST at the Joomla! Security Centre.
Reported By:Hoang Kien from VSEC -
[20200302] - Core - XSS in Protostar and Beez3
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 3.0.0-3.9.15
- Exploit type: XSS
- Reported Date: 2020-February-24
- Fixed Date: 2020-March-10
- CVE Number: CVE-2020-10242
Description
Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allow XSS attacks.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.15
Solution
Upgrade to version 3.9.16
Contact
The JSST at the Joomla! Security Centre.
Reported By:Pham Van Khanh
- Vous êtes ici :
-
Accueil
-
Actualités
- Un fil d'actualité
- Hôtel Le Céans
- Domaine Belle Plage
- Mango Lodge
- Chalet des Cinq Domes
- Hôtel Restaurant La Cremaillère
- Les Hauts Pâturages
- La Tabletterie
- Château du Doux
- Auberge Le Cheylet
- Ferme Auberge de la Besse
- Le Relais du Buis d'Aps
- Auberge du Pont d'Arc
- Au Vieux Guide
- L'Aubergiste Gourmand
- Le Tour du Monde
- La Rabouillère
- Hôtel Restaurant Le Raisin
- Gîte la Fruitière Solaison
- Domaine des Andeols
- Le Nid des Fées
