Developer Network™ - Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 3.7.0 through 3.8.3
- Exploit type: SQLi
- Reported Date: 2017-November-17
- Fixed Date: 2018-January-30
- CVE Number: CVE-2018-6376
Description
The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
Affected Installs
Joomla! CMS versions 3.7.0 through 3.8.3
Solution
Upgrade to version 3.8.4
Contact
The JSST at the Joomla! Security Centre.
Reported By: Karim Ouerghemmi, ripstech.com
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 1.5.0 through 3.8.3
- Exploit type: XSS
- Reported Date: 2017-November-17
- Fixed Date: 2018-January-30
- CVE Number: CVE-2018-6379
Description
Inadequate input filtering in the Uri class (formerly JUri) leads to a XSS vulnerability.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.8.3
Solution
Upgrade to version 3.8.4
Contact
The JSST at the Joomla! Security Centre.
Reported By: Octavian Cinciu
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 3.7.0 through 3.8.3
- Exploit type: XSS
- Reported Date: 2018-January-20
- Fixed Date: 2018-January-30
- CVE Number: CVE-2018-6377
Description
Inadequate input filtering in com_fields leads to a XSS vulnerability in multiple field types, i.e. list, radio and checkbox.
Affected Installs
Joomla! CMS versions 3.7.0 through 3.8.3
Solution
Upgrade to version 3.8.4
Contact
The JSST at the Joomla! Security Centre.
Reported By: Benjamin Trenkle, JSST