Joomla Security Notice :: July 10, 2019

Started by Jason, July 12, 2019, 08:04:54 pm

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Jason

Joomla has emailed a security announcement.  If you use Joomla for your site, please check your version and upgrade accordingly.

The announcement is available on their site here:

https://developer.joomla.org/security-centre.html

QuoteJoomla! Security News

________________________________________
[20190701] - Core - Filter attribute in subform fields allows remote code execution
Posted: 09 Jul 2019 06:00 AM PDT
> Project: Joomla!
> SubProject: CMS
> Impact: Moderate
> Severity: Low
> Versions: 3.9.7 - 3.9.8
> Exploit type: Remote Code Execution
> Reported Date: 2019-June-20
> Fixed Date: 2019-July-09
> CVE Number: TBA
Description
Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
Affected Installs
Joomla! CMS versions 3.9.7 - 3.9.8
Solution
Upgrade to version 3.9.9
Contact
The JSST at the Joomla! Security Centre.
Reported By: Benjamin Trenkle, JSST