Multiple vulnerabilities in Joomla!



| Updated: 2024-03-06
Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2019-11358
CVE-2019-10946
CVE-2019-10945
CWE-ID CWE-1321
CWE-287
CWE-22
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #3 is available.
Vulnerable software
Joomla!
Web applications / CMS

Vendor Joomla!

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

Prototype pollution vulnerability in $.extend method of JQuery was fixed within Joomla! core component, as described in vulnerability #1.

1) Prototype pollution

EUVDB-ID: #VU18092

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-11358

CWE-ID: CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes (\'Prototype Pollution\')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary JavaScript code.

The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.

Mitigation

Update to version 3.9.5.

Vulnerable software versions

Joomla!: 3.0.0 - 3.9.4

CPE2.3 External links

http://developer.joomla.org/security-centre.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Improper Authentication

EUVDB-ID: #VU20014

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10946

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing authentication checks for the "refresh list of helpsites" endpoint of com_users core component. A remote non-authenticated attacker can request the endpoint and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Joomla!: 3.2.0 - 3.9.4

CPE2.3 External links

http://developer.joomla.org/security-centre/778-20190402-core-helpsites-refresh-endpoint-callable-for-unauthenticated-users


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Path traversal

EUVDB-ID: #VU20013

Risk: Low

CVSSv3.1: 2.5 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C]

CVE-ID: CVE-2019-10945

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the com_media core component when processing folder parameter. A remote privileged attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Joomla!: 1.5.0 - 3.9.4

CPE2.3 External links

http://packetstormsecurity.com/files/152515/Joomla-3.9.4-Arbitrary-File-Deletion-Directory-Traversal.html
http://developer.joomla.org/security-centre/777-20190401-core-directory-traversal-in-com-media
http://www.exploit-db.com/exploits/46710/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.



###SIDEBAR###