|
Security Announcements
|
|
-
[20200403] - Core - Incorrect access control in com_users access level deletion function
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 2.5.0 - 3.9.16
- Exploit type: Incorrect Access Control
- Reported Date: 2020-March-13
- Fixed Date: 2020-April-21
- CVE Number: CVE-2020-11889
Description
Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.
Affected Installs
Joomla! CMS versions 2.5.0 - 3.9.16
Solution
Upgrade to version 3.9.17
Contact
The JSST at the Joomla! Security Centre.
Reported...
-
[20200402] - Core - Missing checks for the root usergroup in usergroup table
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 2.5.0 - 3.9.16
- Exploit type: Incorrect Access Control
- Reported Date: 2020-February-27
- Fixed Date: 2020-April-21
- CVE Number: CVE-2020-11890
Description
Inproper input validations in the usergroup table class could lead to a broken ACL configuration.
Affected Installs
Joomla! CMS versions 2.5.0 - 3.9.16
Solution
Upgrade to version 3.9.17
Contact
The JSST at the Joomla! Security Centre.
Reported...
-
[20200401] - Core - Incorrect access control in com_users access level editing function
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.8.8 - 3.9.16
- Exploit type: Incorrect Access Control
- Reported Date: 2020-March-13
- Fixed Date: 2020-April-21
- CVE Number: CVE-2020-11891
Description
Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.
Affected Installs
Joomla! CMS versions 3.8.8 - 3.9.16
Solution
Upgrade to version 3.9.17
Contact
The JSST at the Joomla! Security Centre.
Reported...
-
[20200306] - Core - SQL injection in Featured Articles menu parameters
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 1.7.0-3.9.15
- Exploit type: SQL Injection
- Reported Date: 2020-March-9
- Fixed Date: 2020-March-10
- CVE Number: CVE-2020-10243
Description
The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the "Featured Articles" frontend menutype.
Affected Installs
Joomla! CMS versions 1.7.0 - 3.9.15
Solution
Upgrade to version 3.9.16
Contact
The JSST at the...
-
[20200305] - Core - Incorrect Access Control in com_fields SQL field
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 3.7.0-3.9.15
- Exploit type: Incorrect Access Control
- Reported Date: 2020-February-28
- Fixed Date: 2020-March-10
- CVE Number: CVE-2020-10239
Description
Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.
Affected Installs
Joomla! CMS versions 3.7.0 - 3.9.15
Solution
Upgrade to version 3.9.16
Contact
The JSST at the Joomla! Security Centre.
Reported By:...
|
