SB2019041026 - Multiple vulnerabilities in Joomla!
Published: April 10, 2019 Updated: March 6, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Prototype pollution (CVE-ID: CVE-2019-11358)
The vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.
2) Improper Authentication (CVE-ID: CVE-2019-10946)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing authentication checks for the "refresh list of helpsites" endpoint of com_users core component. A remote non-authenticated attacker can request the endpoint and gain access to sensitive information.
3) Path traversal (CVE-ID: CVE-2019-10945)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the com_media core component when processing folder parameter. A remote privileged attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Remediation
Install update from vendor's website.
References
- https://developer.joomla.org/security-centre.html
- https://developer.joomla.org/security-centre/778-20190402-core-helpsites-refresh-endpoint-callable-for-unauthenticated-users
- http://packetstormsecurity.com/files/152515/Joomla-3.9.4-Arbitrary-File-Deletion-Directory-Traversal.html
- https://developer.joomla.org/security-centre/777-20190401-core-directory-traversal-in-com-media
- https://www.exploit-db.com/exploits/46710/