Started by Jason, December 18, 2019, 07:41:13 pm
0 Members and 1 Guest are viewing this topic.
QuoteJoomla! Security News ________________________________________ - Core - Various SQL injections through configuration parameters Posted: 16 Dec 2019 05:00 AM PST> Project: Joomla!> SubProject: CMS> Impact: High> Severity: Low> Versions: 2.5.0 - 3.9.13> Exploit type: SQL injection> Reported Date: 2019-December-01> Fixed Date: 2019-December-17> CVE Number: CVE-2019-19846DescriptionThe lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. - Core - Path Disclosure in framework files Posted: 16 Dec 2019 05:00 AM PST> Project: Joomla!> SubProject: CMS> Impact: Low> Severity: Low> Versions: 3.8.0 - 3.9.13> Exploit type: Path Disclosure> Reported Date: 2019-November-22> Fixed Date: 2019-December-17> CVE Number: CVE-2019-19845DescriptionMissing access check in framework files could lead to a path disclosure.Affected InstallsJoomla! CMS versions 3.8.0 - 3.9.13SolutionUpgrade to version 3.9.14ContactThe JSST at the Joomla! Security Centre.Reported By: Lee Thao, Viettel Cyber Security