Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.6.0 – 3.9.12
Exploit type: Path Disclosure
Reported Date: 2019-November-01
Fixed Date: 2019-November-05
CVE Number: CVE-2019-18674
Description
Missing access check in the phputf8 …
[20191002] – Core – Path Disclosure in phpuft8 mapping files Read More »
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 3.2.0-3.9.12
Exploit type: CSRF
Reported Date: 2019-October-10
Fixed Date: 2019-November-05
CVE Number: CVE-2019-18650
Description
A missing token check in com_template causes a CS…
[20191001] – Core – CSRF in com_template overrides view Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.0.0-3.9.11
Exploit type: XSS
Reported Date: 2019-August-28
Fixed Date: 2019-September-24
CVE Number: CVE-2019-16725
Description
Inadequate escaping allowed XSS attacks using …
[20190901] – Core – XSS in logo parameter of default templates Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 1.6.2 – 3.9.10
Exploit type: Incorrect Access Control
Reported Date: 2019-April-09
Fixed Date: 2019-August-13
CVE Number: CVE-2019-XXXXX
Description
Inadequate checks in com_co…
[20190801] – Core – Hardening com_contact contact form Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.9.7 – 3.9.8
Exploit type: Remote Code Execution
Reported Date: 2019-June-20
Fixed Date: 2019-July-09
CVE Number: CVE-2019-xxx
Description
Inadequate filtering allows users au…
[20190701] – Core – Filter attribute in subform fields allows remote code execution Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.8.13 through 3.9.6
Exploit type: Incorrect Access Control
Reported Date: 2019-April-10
Fixed Date: 2019-June-11
CVE Number: CVE-2019-12764
Description
The update server URL of com…
[20190603] – Core – ACL hardening of com_joomlaupdate Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.6.0 through 3.9.6
Exploit type: XSS
Reported Date: 2019-January-01
Fixed Date: 2019-June-11
CVE Number: CVE-2019-12766
Description
The subform fieldtype does not sufficiently…
[20190602] – Core – XSS in subform field Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.9.0 through 3.9.6
Exploit type: CSV Injection
Reported Date: 2019-April-29
Fixed Date: 2019-June-11
CVE Number: CVE-2019-12765
Description
The CSV export of com_actionslogs is vul…
[20190601] – Core – CSV injection in com_actionlogs Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.9.3 through 3.9.5
Exploit type: Object Injection
Reported Date: 2019-March-27
Fixed Date: 2019-May-07
Description
In Joomla 3.9.3, the vulnerability of insecure deserialization wh…
[20190502] – Core – By-passing protection of Phar Stream Wrapper Interceptor Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 1.7.0 through 3.9.5
Exploit type: XSS
Reported Date: 2019-April-29
Fixed Date: 2019-May-07
CVE Number: CVE-2019-11809
Description
The debug views of com_users do not properly e…
[20190501] – Core – XSS in com_users ACL debug views Read More »
