• Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.4.1
  • Exploit type: CSRF Protection
  • Reported Date: 2015-April-06
  • Fixed Date: 2015-June-30
  • CVE Number: CVE-2015-5397

Description

Lack of CSRF checks potentially enabled uploading malicious code.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.4.1

Solution

Upgrade to version 3.4.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Eric Flokstra