Joomla [20190701] - Core - Filter attribute in subform fields allows remote code execution

NewsBot

Neues Mitglied
Beiträge
1.049
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 3.9.7 - 3.9.8
  • Exploit type: Remote Code Execution
  • Reported Date: 2019-June-20
  • Fixed Date: 2019-July-09
  • CVE Number: TBA
Description


Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.

Affected Installs


Joomla! CMS versions 3.9.7 - 3.9.8

Solution


Upgrade to version 3.9.9

Contact


The JSST at the Joomla! Security Centre.

Reported By: Benjamin Trenkle, JSST



Lese weiter....
 
Oben