Saturday, 15 August 2020
- - - - - -

One page responsive template

One page responsive template

Etiam porta sem malesuada magna mollis euismod

magna mollis euismod

magna mollis euismod

Donec id elit non mi porta gravida at agna mollis euismod

Fusce dapibus <br> tellus ac cursus commodo <br>  dapibus tellus ac modo raesent

Fusce dapibus
tellus ac cursus commodo
dapibus tellus ac modo raesent

Saed elitr diam euismod auctor nonu eirmo conse

Security Announcements

  1. [20200706] - Core - System Information screen could expose redis or proxy credentials
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.19
    • Exploit type: Information Disclosure
    • Reported Date: 2020-Jun-17
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15698

    Description

    Inadequate filtering in the system information screen could expose redis or proxy credentials

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Phil Taylor
  2. [20200705] - Core - Escape mod_random_image link
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.19
    • Exploit type: XSS
    • Reported Date: 2020-Jun-08
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15696

    Description

    Lack of input filtering and escaping allows XSS attacks in mod_random_image

    Affected Installs

    Joomla! CMS versions 3.0.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Phil Taylor
  3. [20200704] - Core - Variable tampering via user table class
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.0.0-3.9.19
    • Exploit type: Incorrect Access Control
    • Reported Date: 2020-Jun-02
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15697

    Description

    Internal read-only fields in the User table class could be modified by users.

    Affected Installs

    Joomla! CMS versions 3.9.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Phil Taylor
  4. [20200703] - Core - CSRF in com_privacy remove-request feature
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Low
    • Severity: Low
    • Versions: 3.9.0-3.9.19
    • Exploit type: CSRF
    • Reported Date: 2020-May-07
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15695

    Description

    A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.

    Affected Installs

    Joomla! CMS versions 3.9.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Bui Duc Anh Khoa from Viettel Cyber Security
  5. [20200702] - Core - Missing checks can lead to a broken usergroups table record
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 2.5.0-3.9.19
    • Exploit type: Incorrect Access Control
    • Reported Date: 2020-April-04
    • Fixed Date: 2020-July-14
    • CVE Number: CVE-2020-15699

    Description

    Missing validation checks at the usergroups table object can result into an broken site configuration.

    Affected Installs

    Joomla! CMS versions 2.5.0 - 3.9.19

    Solution

    Upgrade to version 3.9.20

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Hoang Kien from VSEC