Developer Network™ There is always a great deal of Joomla! development activity underway and communicating with other developers in the community is essential. This site is a resource for anyone looking to build or maintain software based on the Joomla! platform.
Where to Start
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.2.0 through 3.4.1
- Exploit type: CSRF Protection
- Reported Date: 2015-April-06
- Fixed Date: 2015-June-30
- CVE Number: CVE-2015-5397
Description
Lack of CSRF checks potentially enabled uploading malicious code.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.4.1
Solution
Upgrade to version 3.4.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.0.0 through 3.4.1
- Exploit type: Open Redirect
- Reported Date: 2015-April-08
- Fixed Date: 2015-June-30
- CVE Number: CVE-2015-5608
Description
Inadequate checking of the return value allowed to redirect to an external page.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.4.1
Solution
Upgrade to version 3.4.2
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
- Exploit type: Denial of Service
- Reported Date: 2014-September-24
- Fixed Date: 2014-September-30
- CVE Number: CVE-2014-7229
Description
Inadequate checking allowed the potential for a denial of service attack.
Affected Installs
Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Solution
Upgrade to version 2.5.26, 3.2.6, or 3.3.5
Contact
The JSST at the Joomla! Security Centre.