900_Cumiana alla Liberazione-identif presunta.jpg900_Cumiana piazza Vecchia, anni Venti.jpg900_piazza Vecchia bruciata.JPGLiberazione 1945.jpg

Security Announcements

  1. [20200306] - Core - SQL injection in Featured Articles menu parameters
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 1.7.0-3.9.15
    • Exploit type: SQL Injection
    • Reported Date: 2020-March-9
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10243

    Description

    The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the "Featured Articles" frontend menutype.

    Affected Installs

    Joomla! CMS versions 1.7.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Sam Thomas, Pentest.co.uk
  2. [20200305] - Core - Incorrect Access Control in com_fields SQL field
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.7.0-3.9.15
    • Exploit type: Incorrect Access Control
    • Reported Date: 2020-February-28
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10239

    Description

    Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.

    Affected Installs

    Joomla! CMS versions 3.7.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hoang Kien from VSEC
  3. [20200304] - Core - Identifier collisions in com_users
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.0.0-3.9.15
    • Exploit type: Other
    • Reported Date: 2020-February-07
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10240

    Description

    Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Lee Thao from Viettel Cyber Security
  4. [20200303] - Core - Incorrect Access Control in com_templates
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 2.5.0-3.9.15
    • Exploit type: Incorrect Access Control
    • Reported Date: 2020-January-31
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10238

    Description

    Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hoang Kien from VSEC
  5. [20200302] - Core - XSS in Protostar and Beez3
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.0.0-3.9.15
    • Exploit type: XSS
    • Reported Date: 2020-February-24
    • Fixed Date: 2020-March-10
    • CVE Number: CVE-2020-10242

    Description

    Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allow XSS attacks.

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.15

    Solution

    Upgrade to version 3.9.16

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Pham Van Khanh
Joomla templates by a4joomla