Developer Network™ There is always a great deal of Joomla! development activity underway and communicating with other developers in the community is essential. This site is a resource for anyone looking to build or maintain software based on the Joomla! platform.
Where to Start
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 1.7.0-3.9.15
- Exploit type: SQL Injection
- Reported Date: 2020-March-9
- Fixed Date: 2020-March-10
- CVE Number: CVE-2020-10243
Description
The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the "Featured Articles" frontend menutype.
Affected Installs
Joomla! CMS versions 1.7.0 - 3.9.15
Solution
Upgrade to version 3.9.16
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 3.0.0-3.9.15
- Exploit type: Other
- Reported Date: 2020-February-07
- Fixed Date: 2020-March-10
- CVE Number: CVE-2020-10240
Description
Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.15
Solution
Upgrade to version 3.9.16
Contact
The JSST at the Joomla! Security Centre.
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 3.7.0-3.9.15
- Exploit type: Incorrect Access Control
- Reported Date: 2020-February-28
- Fixed Date: 2020-March-10
- CVE Number: CVE-2020-10239
Description
Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.
Affected Installs
Joomla! CMS versions 3.7.0 - 3.9.15
Solution
Upgrade to version 3.9.16
Contact
The JSST at the Joomla! Security Centre.