- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.2.0 through 3.6.5
- Exploit type: ACL Violation
- Reported Date: 2017-March-01
- Fixed Date: 2017-April-25
- CVE Number: CVE-2017-7989
Description
Inadequate mime type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.6.5
Solution
Upgrade to version 3.7.0
Contact
The JSST at the Joomla! Security Centre.
Reported By: Abdullah Hussam
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 1.6.0 through 3.6.5
- Exploit type: ACL Violation
- Reported Date: 2016-April-29
- Fixed Date: 2017-April-25
- CVE Number: CVE-2017-7988
Description
Inadequate filtering of form contents lead allow to overwrite the author of an article.
Affected Installs
Joomla! CMS versions 1.6.0 through 3.6.5
Solution
Upgrade to version 3.7.0
Contact
The JSST at the Joomla! Security Centre.
Reported By: T-Systems Multimedia Solutions
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 3.2.0 through 3.6.5
- Exploit type: XSS
- Reported Date: 2016-February-28
- Fixed Date: 2017-April-25
- CVE Number: CVE-2017-7987
Description
Inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.6.5
Solution
Upgrade to version 3.7.0
Contact
The JSST at the Joomla! Security Centre.
Reported By: David Jardin