- Details
- Category: Security Announcements
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.0.0 through 3.6.4
- Exploit type: Shell Upload
- Reported Date: 2016-October-26
- Fixed Date: 2016-December-06
- CVE Number: CVE-2016-9836
Description
Inadequate filesystem checks allowed files with alternative PHP file extensions to be uploaded.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.6.4
Solution
Upgrade to version 3.6.5
Contact
The JSST at the Joomla! Security Centre....
- Details
- Category: Security Announcements
- Project: Joomla!
- SubProject: CMS
- Severity: High
- Versions: 3.4.4 through 3.6.3
- Exploit type: Account Modifications
- Reported Date: 2016-October-26
- Fixed Date: 2016-October-25
- CVE Number: CVE-2016-9081
Description
Incorrect use of unfiltered data allows existing user accounts to be modified, including resetting their username, password, and user group assignments.
Affected Installs
Joomla! CMS versions 3.4.4 through 3.6.3
Solution
Upgrade to version 3.6.4
- Details
- Category: Security Announcements
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.2.0 through 3.4.5
- Exploit type: Directory Traversal
- Reported Date: 2015-November-26
- Fixed Date: 2015-December-14
- CVE Number: requested
Description
Inadequate filtering of request data leads to a Directory Traversal vulnerability.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.4.5
Solution
Upgrade to version 3.4.6
- Details
- Category: Security Announcements
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.0.0 through 3.4.6
- Exploit type: SQL Injection
- Reported Date: 2015-December-15
- Fixed Date: 2015-December-21
- CVE Numbers: requested
Description
Inadequate filtering of request data leads to a SQL Injection vulnerability.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.4.6
Solution
Upgrade to version 3.4.7
- Details
- Category: Security Announcements
- Project: Joomla!
- SubProject: CMS
- Severity: High
- Versions: 3.2.0 through 3.4.4
- Exploit type: SQL Injection
- Reported Date: 2015-October-15
- Fixed Date: 2015-October-22
- CVE Numbers: CVE-2015-7297, CVE-2015-7857, CVE-2015-7858
Description
Inadequate filtering of request data leads to a SQL Injection vulnerability.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.4.4
Solution
Upgrade to version 3.4.5