CVE-2019-14654 — Joomla ! vulnerability

3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 36.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Joomla !

Timeline

PublishedAug 5

Latest updateMay 24

Description

In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDjoomla/joomla_!3.9.7, 3.9.8+1

🔴Vulnerability Details

GHSA

GHSA-6prc-8q5p-6xrc: In Joomla! 3↗2022-05-24

▶

CVEList

CVE-2019-14654: In Joomla! 3↗2019-08-05

▶