[20180507] – Core – Session deletion race condition

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Medium Severity: Low Versions: 3.0.0 through 3.8.7 Exploit type: Session race condition Reported Date: 2017-July-08 Fixed Date: 2018-May-22 CVE Number: CVE-2018-11324 Description Continue Reading

[20180506] – Core – Filter field in com_fields allows remote code execution

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.7.0 through 3.8.7 Exploit type: Remote Code Execution Reported Date: 2018-May-14 Fixed Date: 2018-May-22 CVE Number: CVE-2018-11321 Description Continue Reading

[20180505] – Core – XSS Vulnerabilities & additional hardening

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Moderate Versions: 3.0.0 through 3.8.7 Exploit type:XSS Reported Date:2018-February-02 & 2018-March-27 Fixed Date: 2018-May-22 CVE Number: CVE-2018-11326 Description Inadequate input Continue Reading

[20180504] – Core – Installer leaks plain text password to local user

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 3.0.0 through 3.8.7 Exploit type: Information Disclosure Reported Date: 2018-February-09 Fixed Date: 2018-May-22 CVE Number: CVE-2018-11325 Description The Continue Reading

[20180503] – Core – Information Disclosure about unpublished tags

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Low Severity: Moderate Versions: 3.1.0 through 3.8.7 Exploit type: Information Disclosure Reported Date: 2018-April-27 Fixed Date: 2018-May-22 CVE Number: CVE-2018-11327 Description Inadequate Continue Reading

[20180502] – Core – Add PHAR files to the upload blacklist

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 2.5.0 through 3.8.7 Exploit type: Malicious file upload Reported Date: 2018-March-14 Fixed Date: 2018-May-22 CVE Number: CVE-2018-11322 Description Continue Reading

[20180501] – Core – ACL violation in access levels

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 2.5.0 through 3.8.7 Exploit type: ACL violation Reported Date: 2018-March-08 Fixed Date: 2018-May-22 CVE Number: CVE-2018-11323 Description Inadequate Continue Reading