www.wotruba-consulting.de

• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Versions: 1.6.0 - 3.9.24
• Exploit type: ACL Violation
• Reported Date: 2021-01-31
• Fixed Date: 2021-03-02
• CVE Number: CVE-2021-26029

Description

Inadequate filtering of form contents could allow to overwrite the author field. The affected core components are com_fields, com_categories, com_banners, com_contact, com_newsfeeds and com_tags. 

Affected Installs

Joomla! CMS versions 1.6.0 - 3.9.24

Solution

Upgrade to...

• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Versions: 3.0.0 - 3.9.24
• Exploit type: ACL violation
• Reported Date: 2020-10-25
• Fixed Date: 2021-03-02
• CVE Number: CVE-2021-26027

Description

Incorrect ACL checks could allow unauthorized change of the category for an article.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.24

Solution

Upgrade to version 3.9.25

Contact

The JSST at the Joomla!...

• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Versions: 3.0.0 - 3.9.24
• Exploit type: Improper Input Validation
• Reported Date: 2020-02-17
• Fixed Date: 2021-03-02
• CVE Number: CVE-2021-23132

Description

com_media allowed paths that are not intended for image uploads.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.24

Solution

Upgrade to version 3.9.25

Contact

The JSST at the Joomla! Security Centre.