Started by Jason, July 12, 2019, 08:04:54 pm
0 Members and 1 Guest are viewing this topic.
QuoteJoomla! Security News ________________________________________ - Core - Filter attribute in subform fields allows remote code execution Posted: 09 Jul 2019 06:00 AM PDT> Project: Joomla!> SubProject: CMS> Impact: Moderate> Severity: Low> Versions: 3.9.7 - 3.9.8> Exploit type: Remote Code Execution> Reported Date: 2019-June-20> Fixed Date: 2019-July-09> CVE Number: TBADescriptionInadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.Affected InstallsJoomla! CMS versions 3.9.7 - 3.9.8SolutionUpgrade to version 3.9.9ContactThe JSST at the Joomla! Security Centre.Reported By: Benjamin Trenkle, JSST