RSS   Vulnerabilities for 'Joomla\!'   RSS

2022-03-30
 
CVE-2022-23793

CWE-22
 

 
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path.

 
 
CVE-2022-23794

CWE-209
 

 
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.

 
 
CVE-2022-23795

CWE-287
 

 
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.

 
 
CVE-2022-23796

CWE-79
 

 
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields.

 
 
CVE-2022-23797

CWE-89
 

 
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection.

 
 
CVE-2022-23798

CWE-601
 

 
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.

 
 
CVE-2022-23799

NVD-CWE-noinfo
 

 
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.

 
 
CVE-2022-23800

CWE-79
 

 
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.

 
 
CVE-2022-23801

CWE-79
 

 
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media.

 
2021-08-24
 
CVE-2021-26040

CWE-863
 

 
An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command.

 


Copyright 2024, cxsecurity.com

 

Back to Top