Joomla! Multiple Vulnerabilities
Release Date: 8 Mar 2021
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in Joomla!. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation, cross-site scripting and security restriction bypass on the targeted system.
Impact
- Cross-Site Scripting
- Security Restriction Bypass
- Data Manipulation
System / Technologies affected
- Joomla! CMS versions 1.6.0 through 3.9.24
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Upgrade to version 3.9.25
Vulnerability Identifier
- CVE-2021-23126
- CVE-2021-23127
- CVE-2021-23128
- CVE-2021-23129
- CVE-2021-23130
- CVE-2021-23131
- CVE-2021-23132
- CVE-2021-26027
- CVE-2021-26028
- CVE-2021-26029
Source
Related Link
- http://www.auscert.org.au/bulletins/ESB-2021.0805
- https://developer.joomla.org/security-centre/845-20210305-core-input-validation-within-the-template-manager.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
- https://developer.joomla.org/security-centre/841-20210301-core-insecure-randomness-within-2fa-secret-generation.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
- https://developer.joomla.org/security-centre/842-20210302-core-potential-insecure-fofencryptrandval.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
- https://developer.joomla.org/security-centre/843-20210303-core-xss-within-alert-messages-showed-to-users.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
- https://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
- https://developer.joomla.org/security-centre/844-20210304-core-xss-within-the-feed-parser-library.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
- https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
- https://developer.joomla.org/security-centre/847-20210307-core-acl-violation-within-com-content-frontend-editing.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29
- https://developer.joomla.org/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla%21+Security+News%29