[20181005] – Core – CSRF hardening in com_installer

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 2.5.0 through 3.8.12 Exploit type: CSRF Reported Date: 2018-September-26 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17858 Description Added additional Continue Reading

[20181004] – Core – ACL Violation in com_users for the admin verification

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 1.5.0 through 3.8.12 Exploit type: ACL Violation Reported Date: 2017-December-27 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17855 Description In Continue Reading

[20181003] – Core – Access level Violation in com_tags

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.1.0 through 3.8.12 Exploit type: ACL Violation Reported Date: 2018-June-20 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17857 Description Inadequate Continue Reading

[20181002] – Core – Inadequate default access level for com_joomlaupdate

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 2.5.4 through 3.8.12 Exploit type: Object Injection Reported Date: 2018-June-21 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17856 Description Joomla’s Continue Reading

[20181001] – Core – Hardening com_contact contact form

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 2.5.0 through 3.8.12 Exploit type: Incorrect Access Control Reported Date: 2018-September-17 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17859 Description Continue Reading

Joomla 3.8.8 Release

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Joomla 3.8.8 is now available. This is a security release which addresses 9 security vulnerabilities, contains over 50 bug fixes, and includes various security related improvements. Joomla Continue Reading

[20180509] – Core – XSS vulnerability in the media manager

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 1.5.0 through 3.8.7 Exploit type: XSS Reported Date: 2017-October-28 Fixed Date: 2018-May-22 CVE Number: CVE-2018-6378 Description Inadequate filtering Continue Reading

[20180506] – Core – Filter field in com_fields allows remote code execution

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.7.0 through 3.8.7 Exploit type: Remote Code Execution Reported Date: 2018-May-14 Fixed Date: 2018-May-22 CVE Number: CVE-2018-11321 Description Continue Reading

[20180505] – Core – XSS Vulnerabilities & additional hardening

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Moderate Versions: 3.0.0 through 3.8.7 Exploit type:XSS Reported Date:2018-February-02 & 2018-March-27 Fixed Date: 2018-May-22 CVE Number: CVE-2018-11326 Description Inadequate input Continue Reading