Joomla has emailed a security announcement. If you use Joomla for your site, please check your version and upgrade accordingly.
The announcement is available on their site here:
https://developer.joomla.org/security-centre.html
Joomla! Security News
________________________________________
[20190701] - Core - Filter attribute in subform fields allows remote code execution
Posted: 09 Jul 2019 06:00 AM PDT
> Project: Joomla!
> SubProject: CMS
> Impact: Moderate
> Severity: Low
> Versions: 3.9.7 - 3.9.8
> Exploit type: Remote Code Execution
> Reported Date: 2019-June-20
> Fixed Date: 2019-July-09
> CVE Number: TBA
Description
Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
Affected Installs
Joomla! CMS versions 3.9.7 - 3.9.8
Solution
Upgrade to version 3.9.9
Contact
The JSST at the Joomla! Security Centre.
Reported By: Benjamin Trenkle, JSST