Developer Network™ - Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 2.5.0 through 3.8.12
- Exploit type: Incorrect Access Control
- Reported Date: 2018-September-17
- Fixed Date: 2018-October-02
- CVE Number: CVE-2018-17859
Description
Inadequate checks in com_contact could allowed mail submission in disabled forms.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.8.12
Solution
Upgrade to version 3.8.13
Contact
The JSST at the Joomla! Security Centre.
Reported By: David Jardin (JSST)
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.7.0 through 3.8.11
- Exploit type: ACL Violation
- Reported Date: 2018-July-10
- Fixed Date: 2018-August-28
- CVE Number: CVE-2018-15881
Description
Inadequate checks regarding disabled fields can lead to an ACL violation.
Affected Installs
Joomla! CMS versions 3.7.0 through 3.8.11
Solution
Upgrade to version 3.8.12
Contact
The JSST at the Joomla! Security Centre.
Reported By: Elisa Foltyn, COOLCAT CREATIONS
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 1.5.0 through 3.8.11
- Exploit type: XSS
- Reported Date: 2018-July-10
- Fixed Date: 2018-August-28
- CVE Number: CVE-2018-15880
Description
Inadequate output filtering on the user profile page could lead to a stored XSS attack.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.8.11
Solution
Upgrade to version 3.8.12
Contact
The JSST at the Joomla! Security Centre.
Reported By: Fouad Maakor