Multiple vulnerabilities in Joomla!



Published: 2021-03-02 | Updated: 2022-08-02
Risk: Medium
Patch available: YES
Number of vulnerabilities: 10
CVE-ID: CVE-2021-23126, CVE-2021-23127, CVE-2021-26029, CVE-2021-26028, CVE-2021-26027, CVE-2021-23132, CVE-2021-23131, CVE-2021-23130, CVE-2021-23129, CVE-2021-23128
CWE-ID: CWE-330, CWE-284, CWE-22, CWE-264, CWE-94, CWE-79
Exploitation vector: Network
Public exploit: Vulnerability #6 is being exploited in the wild.
Vulnerable software
Joomla! (Web applications / CMS)

Vendor: Joomla!

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Use of insufficiently random values

EUVDB-ID: #VU51110

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23126

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass 2FA.

The vulnerability exists due to the use of the insecure rand() function when generating the 2FA secret. A remote attacker can guess the 2FA token and bypass the authentication process.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Joomla!: 3.0.4 - 3.9.24

External links

http://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of insufficiently random values

EUVDB-ID: #VU51111

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23127

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass 2FA.

The vulnerability exists due to the use of the insecure rand() function when generating the 2FA secret. A remote attacker can guess the 2FA token and bypass the authentication process.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Joomla!: 3.0.4 - 3.9.24

External links

http://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper access control

EUVDB-ID: #VU51119

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26029

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within com_fields, com_categories, com_banners, com_contact, com_newsfeeds and com_tags components. A remote user can bypass implemented security restrictions and overwrite the author field.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Joomla!: 1.6.0 - 3.9.24

External links

http://developer.joomla.org/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Path traversal

EUVDB-ID: #VU51118

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26028

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote user to overwrite files on the system.

The vulnerability exists due to an input validation error when processing directory traversal sequences within zip archives. A remote user can pass a specially crafted .zip file to the application and write files outside of the intended path.
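A defensive check for the archive handling defect described above, added here as an example and not Joomla's own code: every entry name is validated before anything is written, and a realpath check backs up the name filter. The sample archive and its entry names are constructed for the demonstration.

```python
# Added example, not Joomla's code: reject zip entries whose names would
# escape the extraction directory (the defect class described above).
import io
import os
import posixpath
import tempfile
import zipfile


def is_safe_member(name: str) -> bool:
    """True only if the entry name cannot leave the extraction root."""
    if not name or "\\" in name or "\x00" in name:
        return False
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return False  # absolute POSIX path or Windows drive letter
    norm = posixpath.normpath(name)
    return norm != ".." and not norm.startswith("../")

def safe_extract(data: bytes, dest: str) -> list:
    """Extract an in-memory zip into dest, skipping unsafe entries; returns names written."""
    written, root = [], os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not is_safe_member(info.filename):
                continue  # log as a tampered archive in a real deployment
            target = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, target]) != root:
                continue  # second line of defence: resolved path left the root
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written

def build_sample_zip() -> bytes:
    """Constructed sample: one benign entry and two traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("templates/index.html", "<h1>ok</h1>")
        zf.writestr("../outside.txt", "must not be written")
        zf.writestr("sub/../../outside2.txt", "must not be written either")
    return buf.getvalue()

def run_demo() -> list:
    # Extract the constructed sample into a scratch directory; only the benign entry lands.
    with tempfile.TemporaryDirectory() as scratch:
        return safe_extract(build_sample_zip(), scratch)
```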

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Joomla!: 3.0.0 - 3.9.24

External links

http://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper access control

EUVDB-ID: #VU51117

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26027

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and change the category of an article without authorization.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Joomla!: 3.0.0 - 3.9.24

External links

http://developer.joomla.org/security-centre/847-20210307-core-acl-violation-within-com-content-frontend-editing.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU51116

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-23132

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists within the com_media component. A remote attacker can use a specially crafted HTTP request and upload images to paths that are not intended for image uploads.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Joomla!: 3.0.0 - 3.9.24

External links

http://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

7) Code Injection

EUVDB-ID: #VU51115

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23131

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to inject certain data into templates.

The vulnerability exists due to improper input validation within the template manager. A remote user can send a specially crafted request and inject code into templates.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Joomla!: 3.0.4 - 3.9.24

External links

http://developer.joomla.org/security-centre/845-20210305-core-input-validation-within-the-template-manager.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Cross-site scripting

EUVDB-ID: #VU51114

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23130

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the feed parser library. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Joomla!: 2.5.0 - 3.9.24

External links

http://developer.joomla.org/security-centre/844-20210304-core-xss-within-the-feed-parser-library.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Cross-site scripting

EUVDB-ID: #VU51113

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23129

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within alert messages displayed to users. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Joomla!: 2.5.0 - 3.9.24

External links

http://developer.joomla.org/security-centre/843-20210303-core-xss-within-alert-messages-showed-to-users.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use of insufficiently random values

EUVDB-ID: #VU51112

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23128

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists because the randval implementation within FOF (FOFEncryptRandval) shipped with the Joomla! core uses a potentially insecure implementation. A remote attacker can bypass certain security restrictions that rely on randomization.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Joomla!: 3.0.4 - 3.9.24

External links

http://developer.joomla.org/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
