Joomla Security Notice :: Aug 13, 2019

Started by Jason, August 16, 2019, 07:44:47 pm

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Jason

Joomla has emailed a security announcement.  If you use Joomla for your site, please check your version and upgrade accordingly.

The announcement is available on their site here:

https://developer.joomla.org/security-centre.html

QuoteJoomla! Security News

________________________________________
[20190801] - Core - Hardening com_contact contact form
Posted: 13 Aug 2019 06:00 AM PDT
-> Project: Joomla!
-> SubProject: CMS
-> Impact: Moderate
-> Severity: Low
-> Versions: 1.6.2 - 3.9.10
-> Exploit type: Incorrect Access Control
-> Reported Date: 2019-April-09
-> Fixed Date: 2019-August-13
-> CVE Number: CVE-2019-15028
Description
Inadequate checks in com_contact could allowed mail submission in disabled forms.
Affected Installs
Joomla! CMS versions 1.6.2 - 3.9.10
Solution
Upgrade to version 3.9.11
Contact
The JSST at the Joomla! Security Centre.
Reported By: Sergey Brester