SB2018101103 - Multiple vulnerabilities in Joomla!
Published: October 11, 2018
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Security restrictions bypass (CVE-ID: CVE-2018-17859)
The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The vulnerability exists due to insufficient security checks in the com_contact contact form feature. A remote attacker can submit a specially crafted request to a contact form that has been disabled and have the site send the mail anyway, bypassing the restriction and enabling further attacks.
2) Cross-site request forgery (CVE-ID: CVE-2018-17858)
The vulnerability allows a remote unauthenticated attacker to perform a CSRF attack. The weakness exists due to insufficient CSRF protection on back-end com_installer actions. A remote attacker can create a specially crafted HTML page or URL and trick an administrator who is logged in to the back end into visiting it; the victim's browser then submits requests to com_installer with the administrator's session, so the attacker's chosen actions are carried out with the victim's privileges.
3) Security restrictions bypass (CVE-ID: CVE-2018-17857)
The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The vulnerability exists due to insufficient security checks on the tags search fields in com_tags. A remote attacker can craft tag search requests to retrieve tag data that the configured access levels should have kept hidden, and use it to conduct further attacks.
4) Remote code execution (CVE-ID: CVE-2018-17856)
The vulnerability allows a remote attacker who already holds a back-end administrator account to execute arbitrary code on the target system.
The vulnerability exists due to the default ACL configuration, which grants access to com_joomlaupdate more widely than intended. An attacker with such an account can reach the update component and, through it, execute arbitrary code with elevated privileges.
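Items 2 and 4 both come down to a privileged back-end task that runs without the guard it needs: a CSRF token check in one case, an explicit permission check instead of the component's default access level in the other. The following Joomla 3 controller sketch is an added illustration of the weak pattern beside the hardened one; it is not Joomla's own code and not the patched com_installer or com_joomlaupdate source. The component name com_example, the task names and the language keys are hypothetical.

```php
<?php
// Added example: a Joomla 3 administrator controller for a hypothetical
// component (com_example). Not the project's code; the task names, the
// component name and the language keys are assumptions.
defined('_JEXEC') or die;

class ExampleControllerUpdate extends JControllerLegacy
{
    // Weak pattern: the task runs for any request that carries a valid
    // administrator session cookie. A page on another site can make the
    // victim's browser submit it (CSRF), and nothing restricts the task to
    // the groups that should be allowed to use it, so whoever the default
    // access rules let into the component can trigger it.
    public function runUnsafe()
    {
        $this->performUpdate();
        $this->setRedirect('index.php?option=com_example', JText::_('COM_EXAMPLE_DONE'));
    }

    // Hardened pattern: first reject requests that do not carry the form
    // token bound to the session, then require an explicit permission
    // rather than trusting the component's default access level.
    public function run()
    {
        // JSession::checkToken() looks for the token that JHtml::_('form.token')
        // emits into the form and aborts the request when it is absent or stale.
        JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));

        // core.admin on the component asset is the permission Super Users hold;
        // groups that merely have core.manage (back-end login) are refused.
        $user = JFactory::getUser();

        if (!$user->authorise('core.admin', 'com_example'))
        {
            throw new Exception(JText::_('JERROR_ALERTNOAUTHOR'), 403);
        }

        $this->performUpdate();
        $this->setRedirect('index.php?option=com_example', JText::_('COM_EXAMPLE_DONE'));
    }

    // Placeholder for the privileged work (in a real component, the model
    // that downloads and applies an update or installs an extension).
    private function performUpdate()
    {
        JFactory::getApplication()->enqueueMessage(JText::_('COM_EXAMPLE_UPDATE_RAN'));
    }
}
```

The form that posts to `run` has to include `JHtml::_('form.token')` so that the token check can succeed for legitimate submissions; with the check in place, a request forged from a third-party page fails before any privileged code runs, and an administrator account outside the Super User group fails the permission check even if the component's default access rules would otherwise let it in.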
5) Security restrictions bypass (CVE-ID: CVE-2018-17855)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to an ACL violation in com_users during admin verification of new registrations. An attacker who has access to the mail account of a user permitted to approve admin verifications in the registration process can use the verification mail to activate his own account.
Remediation
Install the update from the vendor's website.
References
- https://developer.joomla.org/security-centre/751-20181001-core-hardening-com-contact-contact-form.ht...
- https://developer.joomla.org/security-centre/755-20181005-core-csrf-hardening-in-com-installer.html
- https://developer.joomla.org/security-centre/753-20181003-core-access-level-violation-in-com-tags
- https://developer.joomla.org/security-centre/752-20181002-core-inadequate-default-access-level-for-com-joomlaupdate.html
- https://developer.joomla.org/security-centre/754-20181004-core-acl-violation-in-com-users-for-the-admin-verification