Multiple vulnerabilities in Joomla!

Published: 2018-10-11 14:27:37
Severity: Medium
Patch available: Yes
Number of vulnerabilities: 5
CVE IDs: CVE-2018-17859, CVE-2018-17858, CVE-2018-17857, CVE-2018-17856, CVE-2018-17855
CVSSv3 scores (one per vulnerability, in the order listed below):
  5.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
  5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
  5.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
  7.9 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
  6.4 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CWE IDs: CWE-264, CWE-352
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: Joomla!
Vulnerable software versions: Joomla! 3.8.12, Joomla! 3.8.11, Joomla! 3.8.9 (further versions not shown)
Vendor URL: Joomla!

Security Advisory

1) Security restrictions bypass

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.

The vulnerability exists due to insufficient security checks in the com_contact contact form feature. A remote attacker can submit specially crafted mail through a disabled contact form to bypass security restrictions and conduct further attacks.

Remediation

Update to version 3.8.13.

External links

https://developer.joomla.org/security-centre/751-20181001-core-hardening-com-contact-contact-form.ht...

2) Cross-site request forgery

Description

The vulnerability allows a remote unauthenticated attacker to perform a CSRF attack.

The weakness exists due to insufficient CSRF protections in the back-end com_installer actions. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.

Remediation

Update to version 3.8.13.

External links

https://developer.joomla.org/security-centre/755-20181005-core-csrf-hardening-in-com-installer.html

3) Security restrictions bypass

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.

The vulnerability exists due to insufficient security checks in the tags search fields. A remote attacker can submit specially crafted mail using disabled forms to bypass security restrictions and conduct further attacks.

Remediation

Update to version 3.8.13.

External links

https://developer.joomla.org/security-centre/753-20181003-core-access-level-violation-in-com-tags

4) Remote code execution

Description

The vulnerability allows a remote administrative attacker to execute arbitrary code on the target system.

The vulnerability exists due to an inadequate default ACL configuration. A remote attacker with administrative access can reach com_joomlaupdate and execute arbitrary code with elevated privileges.

Remediation

Update to version 3.8.13.

External links

https://developer.joomla.org/security-centre/752-20181002-core-inadequate-default-access-level-for-com-joomlaupdate.html

5) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to an ACL violation in com_users for the admin verification. A remote attacker who gains access to the mail account of a user who can approve admin verifications in the registration process can activate their own account.

Remediation

Update to version 3.8.13.

External links

https://developer.joomla.org/security-centre/754-20181004-core-acl-violation-in-com-users-for-the-admin-verification
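All five issues share the same remediation, so the first defender's question is which installs still sit below 3.8.13. The following added example (not part of this advisory or of Joomla's own code) extracts the version from the constants in libraries/src/Version.php and compares it against the fixed version; the constant names and file layout are assumptions, and the sample file content is constructed.

```python
import re
from typing import Optional, Tuple

# Fixed version named in the advisory; all five CVEs are resolved by it.
FIXED_VERSION = (3, 8, 13)
AFFECTED_BRANCH = 3  # the advisory covers the Joomla! 3.x line only

# Constructed sample of the constants block in libraries/src/Version.php.
# The constant names and layout are an assumption about Joomla! 3.8.x.
SAMPLE_VERSION_PHP = """<?php
class Version
{
    const MAJOR_VERSION = 3;
    const MINOR_VERSION = 8;
    const PATCH_VERSION = 12;
    const EXTRA_VERSION = '';
    const RELEASE = '3.8';
    const DEV_LEVEL = '12';
}
"""

# Matches `const NAME = value;` with an optional single-quoted value.
_CONST = re.compile(r"const\s+(\w+)\s*=\s*'?([^';]*)'?\s*;")


def parse_joomla_version(php_source: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a Version.php source, or None.

    Prefers MAJOR/MINOR/PATCH_VERSION; falls back to RELEASE + DEV_LEVEL,
    the older 3.x layout (assumed). Malformed values yield None.
    """
    consts = {m.group(1): m.group(2).strip() for m in _CONST.finditer(php_source)}
    try:
        if {"MAJOR_VERSION", "MINOR_VERSION", "PATCH_VERSION"} <= set(consts):
            return (int(consts["MAJOR_VERSION"]),
                    int(consts["MINOR_VERSION"]),
                    int(consts["PATCH_VERSION"]))
        if {"RELEASE", "DEV_LEVEL"} <= set(consts):
            major, minor = consts["RELEASE"].split(".")[:2]
            return (int(major), int(minor), int(consts["DEV_LEVEL"]))
    except ValueError:
        return None
    return None


def is_affected(version: Tuple[int, int, int]) -> bool:
    """True when the install is a 3.x release older than the fixed version."""
    return version[0] == AFFECTED_BRANCH and version < FIXED_VERSION


if __name__ == "__main__":
    found = parse_joomla_version(SAMPLE_VERSION_PHP)
    print(found, "affected" if found and is_affected(found) else "not affected")
```

Point the parser at the real Version.php of each install to triage a fleet; a None result means the file did not match the assumed layout and needs a manual look.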
