Developer Network™ - Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.2.0 through 3.4.1
- Exploit type: CSRF Protection
- Reported Date: 2015-April-06
- Fixed Date: 2015-June-30
- CVE Number: CVE-2015-5397
Description
Lack of CSRF checks potentially enabled uploading malicious code.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.4.1
Solution
Upgrade to version 3.4.2
Contact
The JSST at the Joomla! Security Centre.
Reported By: Eric Flokstra
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.0.0 through 3.4.1
- Exploit type: Open Redirect
- Reported Date: 2015-April-08
- Fixed Date: 2015-June-30
- CVE Number: CVE-2015-5608
Description
Inadequate checking of the return value allowed to redirect to an external page.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.4.1
Solution
Upgrade to version 3.4.2
Contact
The JSST at the Joomla! Security Centre.
Reported By: Eric Flokstra, Sharath Unni and Steven Sweeting
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
- Exploit type: Denial of Service
- Reported Date: 2014-September-24
- Fixed Date: 2014-September-30
- CVE Number: CVE-2014-7229
Description
Inadequate checking allowed the potential for a denial of service attack.
Affected Installs
Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Solution
Upgrade to version 2.5.26, 3.2.6, or 3.3.5
Contact
The JSST at the Joomla! Security Centre.
Reported By: Johannes Dahse