Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU15312
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-17859
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The vulnerability exists due to insufficient security checks in the com_contact contact form feature. A remote attacker can submit specially crafted mail using disabled forms to bypass security restrictions and conduct further attacks.
Mitigation: Update to version 3.8.13.
Vulnerable software versions: Joomla!: 2.5.0 - 3.8.12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15313
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-17858
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
Description: The vulnerability allows a remote unauthenticated attacker to perform a CSRF attack.
The weakness exists due to insufficient CSRF protections in the back-end com_installer actions. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.
Mitigation: Update to version 3.8.13.
Vulnerable software versions: Joomla!: 2.5.0 - 3.8.12
Reference: https://developer.joomla.org/security-centre/755-20181005-core-csrf-hardening-in-com-installer.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15314
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-17857
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The vulnerability exists due to insufficient security checks of the tags search fields. A remote attacker can submit specially crafted mail using disabled forms to bypass security restrictions and conduct further attacks.
Mitigation: Update to version 3.8.13.
Vulnerable software versions: Joomla!: 3.0.4 - 3.8.12
Reference: https://developer.joomla.org/security-centre/753-20181003-core-access-level-violation-in-com-tags
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15315
Risk: Medium
CVSSv4.0: 2.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Green]
CVE-ID: CVE-2018-17856
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote administrative attacker to execute arbitrary code on the target system.
The vulnerability exists due to the default ACL config. A remote attacker can access com_joomlaupdate and execute arbitrary code with elevated privileges.
Mitigation: Update to version 3.8.13.
Vulnerable software versions: Joomla!: 2.5.4 - 3.8.12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15316
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-17855
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to an ACL violation in com_users for admin verification. A remote attacker who gains access to the mail account of a user permitted to approve admin verifications during the registration process can activate their own account.
Mitigation: Update to version 3.8.13.
Vulnerable software versions: Joomla!: 1.5 - 3.8.12
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.