Charlottezweb

Joomla Security Notice :: September 20, 2017

Discussion started on Script Chat

Joomla has emailed a security announcement.  If you use Joomla for your site, please check your version and upgrade accordingly.

The announcement is available on their site here:

https://developer.joomla.org/security-centre.html

Quote
[20170901] - Core - Information Disclosure
Posted: 19 Sep 2017 07:00 AM PDT
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.7.0 through 3.7.5
- Exploit type: Information Disclosure
- Reported Date: 2017-August-4
- Fixed Date: 2017-September-19
- CVE Number: CVE-2017-14595
Description
A logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
Affected Installs
Joomla! CMS versions 3.7.0 through 3.7.5
Solution
Upgrade to version 3.8.0
Contact
The JSST at the Joomla! Security Centre.
Reported By: Michal Prochaczek
 

[20170902] - Core - LDAP Information Disclosure
Posted: 19 Sep 2017 07:00 AM PDT
- Project: Joomla!
- SubProject: CMS
- Severity: Medium
- Versions: 1.5.0 through 3.7.5
- Exploit type: Information Disclosure
- Reported Date: 2017-July-27
- Fixed Date: 2017-September-19
- CVE Number: CVE-2017-14596
Description
Inadequate escaping in the LDAP authentication plugin can result into a disclosure of username and password.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.7.5
Solution
Upgrade to version 3.8.0
Contact
The JSST at the Joomla! Security Centre.
Reported By: Dr. Johannes Dahse, RIPS Technologies GmbH
#1 - September 22, 2017, 04:25:11 PM

Members:

0 Members and 1 Guest are viewing this topic.