Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 3.7.0-3.9.15
Exploit type: Incorrect Access Control
Reported Date: 2020-February-28
Fixed Date: 2020-March-10
CVE Number: CVE-2020-10239
Description
Incorrect Access Control in the…
[20200305] – Core – Incorrect Access Control in com_fields SQL field Read More »
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 3.0.0-3.9.15
Exploit type: Other
Reported Date: 2020-February-07
Fixed Date: 2020-March-10
CVE Number: CVE-2020-10240
Description
Missing length checks in the user table can lead t…
[20200304] – Core – Identifier collisions in com_users Read More »
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 2.5.0-3.9.15
Exploit type: Incorrect Access Control
Reported Date: 2020-January-31
Fixed Date: 2020-March-10
CVE Number: CVE-2020-10238
Description
Various actions in com_templates…
[20200303] – Core – Incorrect Access Control in com_templates Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.0.0-3.9.15
Exploit type: XSS
Reported Date: 2020-February-24
Fixed Date: 2020-March-10
CVE Number: CVE-2020-10242
Description
Inadequate handling of CSS selectors in the Prot…
[20200302] – Core – XSS in Protostar and Beez3 Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.2.0-3.9.15
Exploit type: CSRF
Reported Date: 2020-February-06
Fixed Date: 2020-March-10
CVE Number: CVE-2020-10241
Description
Missing token checks in the image actions of co…
[20200301] – Core – CSRF in com_templates image actions Read More »
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 3.9.0-3.9.14
Exploit type: XSS
Reported Date: 2019-December-25
Fixed Date: 2020-January-28
CVE Number: CVE-2020-xxxxx
Description
Inadequate escaping of usernames allow XSS attacks…
[20200103] – Core – XSS in com_actionlogs Read More »
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 3.0.0-3.9.14
Exploit type: CSRF
Reported Date: 2019-December-18
Fixed Date: 2020-January-28
CVE Number: CVE-2020-xxxxx
Description
A missing CSRF token check in the LESS compiler o…
[20200102] – Core – CSRF com_templates LESS compiler Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.0.0-3.9.14
Exploit type: CSRF
Reported Date: 2019-December-23
Fixed Date: 2020-January-28
CVE Number: CVE-2020-xxxxx
Description
Missing token checks in the batch actions of …
[20200101] – Core – CSRF in batch actions Read More »
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 2.5.0 – 3.9.13
Exploit type: SQL injection
Reported Date: 2019-December-01
Fixed Date: 2019-December-17
CVE Number: CVE-2019-19846
Description
The lack of validation of configurati…
[20191202] – Core – Various SQL injections through configuration parameters Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.8.0 – 3.9.13
Exploit type: Path Disclosure
Reported Date: 2019-November-22
Fixed Date: 2019-December-17
CVE Number: CVE-2019-19845
Description
Missing access check in framework fi…
[20191201] – Core – Path Disclosure in framework files Read More »
