Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.7.0 through 3.8.7
Exploit type: Remote Code Execution
Reported Date: 2018-May-14
Fixed Date: 2018-May-22
CVE Number: CVE-2018-XXXX
Description
Inadequate filtering allows use…
[20180506] – Core – Filter field in com_fields allows remote code execution Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Moderate
Versions: 3.0.0 through 3.8.7
Exploit type:XSS
Reported Date:2018-February-02 & 2018-March-27
Fixed Date: 2018-May-22
CVE Number: CVE-2018-XXXX
Description
Inadequate input filt…
[20180505] – Core – XSS Vulnerabilities & additional hardening Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.0.0 through 3.8.7
Exploit type: Information Disclosure
Reported Date: 2018-February-09
Fixed Date: 2018-May-22
CVE Number: CVE-2018-XXXX
Description
The web install application wo…
[20180504] – Core – Installer leaks plain text password to local user Read More »
Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Moderate
Versions: 3.1.0 through 3.8.7
Exploit type: Information Disclosure
Reported Date: 2018-April-27
Fixed Date: 2018-May-22
CVE Number: CVE-2018-XXXX
Description
Inadequate checks allowed us…
[20180503] – Core – Information Disclosure about unpublished tags Read More »
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 2.5.0 through 3.8.7
Exploit type: Malicious file upload
Reported Date: 2018-March-14
Fixed Date: 2018-May-22
CVE Number: CVE-2018-XXXX
Description
Depending on the server configura…
[20180502] – Core – Add PHAR files to the upload blacklist Read More »
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 2.5.0 through 3.8.7
Exploit type: ACL violation
Reported Date: 2018-March-08
Fixed Date: 2018-May-22
CVE Number: CVE-2018-XXXX
Description
Inadequate checks allowed users to modify…
[20180501] – Core – ACL violation in access levels Read More »
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 3.5.0 through 3.8.5
Exploit type: SQLi
Reported Date: 2018-March-08
Fixed Date: 2018-March-12
CVE Number: CVE-2018-8045
Description
The lack of type casting of a variable in SQL st…
[20180301] – Core – SQLi vulnerability User Notes Read More »
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 3.7.0 through 3.8.3
Exploit type: SQLi
Reported Date: 2017-November-17
Fixed Date: 2018-January-30
CVE Number: CVE-2018-6376
Description
The lack of type casting of a variable in S…
[20180104] – Core – SQLi vulnerability in Hathor postinstall message Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 1.5.0 through 3.8.3
Exploit type: XSS
Reported Date: 2017-November-17
Fixed Date: 2018-January-30
CVE Number: CVE-2018-6379
Description
Inadequate input filtering in the Uri cl…
[20180103] – Core – XSS vulnerability in Uri class Read More »
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.7.0 through 3.8.3
Exploit type: XSS
Reported Date: 2018-January-20
Fixed Date: 2018-January-30
CVE Number: CVE-2018-6377
Description
Inadequate input filtering in com_fields …
[20180102] – Core – XSS vulnerability in com_fields Read More »
