Charlottezweb

Joomla Security Notice :: August 29, 2018

Discussion started on Script Chat

Joomla has emailed a security announcement.  If you use Joomla for your site, please check your version and upgrade accordingly.

The announcement is available on their site here:

https://developer.joomla.org/security-centre.html

Quote
Joomla! Security News

________________________________________
    [20180803] - Core - ACL Violation in custom fields
    [20180802] - Core - Stored XSS vulnerability in the frontend profile
    [20180801] - Core - Hardening the InputFilter for PHAR stubs
[20180803] - Core - ACL Violation in custom fields
Posted: 26 Aug 2018 06:45 AM PDT
-- Project: Joomla!
-- SubProject: CMS
-- Impact: Low
-- Severity: Low
-- Versions: 3.7.0 through 3.8.11
-- Exploit type: ACL Violation
-- Reported Date: 2018-July-10
-- Fixed Date: 2018-August-28
-- CVE Number: CVE-2018-15881
Description
Inadequate checks regarding disabled fields can lead to an ACL violation.
Affected Installs
Joomla! CMS versions 3.7.0 through 3.8.11
Solution
Upgrade to version 3.8.12
Contact
The JSST at the Joomla! Security Centre.
Reported By: Elisa Foltyn, COOLCAT CREATIONS
 
 

[20180802] - Core - Stored XSS vulnerability in the frontend profile
Posted: 26 Aug 2018 06:45 AM PDT
-- Project: Joomla!
-- SubProject: CMS
-- Impact: Low
-- Severity: Low
-- Versions: 1.5.0 through 3.8.11
-- Exploit type: XSS
-- Reported Date: 2018-July-10
-- Fixed Date: 2018-August-28
-- CVE Number: CVE-2018-15880
Description
Inadequate output filtering on the user profile page could lead to a stored XSS attack.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.8.11
Solution
Upgrade to version 3.8.12
Contact
The JSST at the Joomla! Security Centre.
Reported By: Roland Dalmulder, Perfect Web Team
 
 

[20180801] - Core - Hardening the InputFilter for PHAR stubs
Posted: 26 Aug 2018 06:45 AM PDT
-- Project: Joomla!
-- SubProject: CMS
-- Impact: High
-- Severity: Low
-- Versions: 1.5.0 through 3.8.11
-- Exploit type: Malicious file upload
-- Reported Date: 2018-August-23
-- Fixed Date: 2018-August-28
-- CVE Number: CVE-2018-15882
Description
Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.8.11
Solution
Upgrade to version 3.8.12
Contact
The JSST at the Joomla! Security Centre.
Reported By: Davide Tampellini
 
#1 - August 30, 2018, 09:49:11 AM

Members:

0 Members and 1 Guest are viewing this topic.