Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 2.5.4 through 3.8.12
Exploit type: Object Injection
Reported Date: 2018-June-21
Fixed Date: 2018-October-02
CVE Number: CVE-2018-17856
Description
Joomla’s com_joomlaupdate allows …
[20181002] – Core – Inadequate default access level for com_joomlaupdate Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 2.5.0 through 3.8.12
Exploit type: Incorrect Access Control
Reported Date: 2018-September-17
Fixed Date: 2018-October-02
CVE Number: CVE-2018-17859
Description
Inadequate check…
[20181001] – Core – Hardening com_contact contact form Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.7.0 through 3.8.11
Exploit type: ACL Violation
Reported Date: 2018-July-10
Fixed Date: 2018-August-28
CVE Number: CVE-2018-15881
Description
Inadequate checks regarding disabled f…
[20180803] – Core – ACL Violation in custom fields Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 1.5.0 through 3.8.11
Exploit type: XSS
Reported Date: 2018-July-10
Fixed Date: 2018-August-28
CVE Number: CVE-2018-15880
Description
Inadequate output filtering on the user profile …
[20180802] – Core – Stored XSS vulnerability in the frontend profile Read More »
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 1.5.0 through 3.8.11
Exploit type: Malicious file upload
Reported Date: 2018-August-23
Fixed Date: 2018-August-28
CVE Number: CVE-2018-15882
Description
Inadequate checks in the In…
[20180801] – Core – Hardening the InputFilter for PHAR stubs Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 1.6.0 through 3.8.8
Exploit type: XSS
Reported Date: 2018-May-07
Fixed Date: 2018-June-26
CVE Number: CVE-2018-12711
Description
In some cases the link of the current language might…
[20180602] – Core – XSS vulnerability in language switcher module Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 2.5.0 through 3.8.8
Exploit type: LFI
Reported Date: 2018-April-23
Fixed Date: 2018-June-26
CVE Number: CVE-2018-12712
Description
Our autoload code checks classnames to be valid, u…
[20180601] – Core – Local File Inclusion with PHP 5.3 Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 1.5.0 through 3.8.7
Exploit type: XSS
Reported Date: 2017-October-28
Fixed Date: 2018-May-22
CVE Number: CVE-2018-6378
Description
Inadequate filtering of file and folder names lead…
[20180509] – Core – XSS vulnerability in the media manager Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.1.2 through 3.8.7
Exploit type: XSS
Reported Date: 2018-March-30
Fixed Date: 2018-May-22
CVE Number: CVE-2018-XXXX
Description
Under specific circumstances (a redirect issued with…
[20180508] – Core – Possible XSS attack in the redirect method Read More »
Project: Joomla!
SubProject: CMS
Impact: Medium
Severity: Low
Versions: 3.0.0 through 3.8.7
Exploit type: Session race condition
Reported Date: 2017-July-08
Fixed Date: 2018-May-22
CVE Number: CVE-2018-XXXX
Description
A long running background proce…
[20180507] – Core – Session deletion race condition Read More »
