Joomla ! vulnerabilities

CVE-2017-7984 [MEDIUM] CWE-79 CVE-2017-7984: In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template m In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.

CVE-2017-7986 [MEDIUM] CWE-79 CVE-2017-7986: In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes le In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.

CVE-2017-7988 [MEDIUM] CVE-2017-7988: In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwr In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.

CVE-2017-8057 [MEDIUM] CWE-200 CVE-2017-8057: In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on syst In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.

CVE-2016-9081 [CRITICAL] CWE-255 CVE-2016-9081: Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.

CVE-2016-10033 [CRITICAL] CWE-88 CVE-2016-10033: The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attacker The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

CVE-2016-10045 [CRITICAL] CVE-2016-10045: The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameter The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for

CVE-2016-9838 [HIGH] CWE-284 CVE-2016-9838: An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Inc An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targ

CVE-2016-9837 [HIGH] CWE-264 CVE-2016-9837: An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3. An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 reques

CVE-2016-9836 [CRITICAL] CWE-284 CVE-2016-9836: The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consi The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist t

CVE-2016-8869 [CRITICAL] CWE-20 CVE-2016-8869: The register method in the UsersModelRegistration class in controllers/user.php in the Users compone The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.

CVE-2016-8870 [HIGH] CWE-20 CVE-2016-8870: The register method in the UsersModelRegistration class in controllers/user.php in the Users compone The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.

CVE-2015-8769 [HIGH] CWE-89 CVE-2015-8769: SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL co SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2015-8565 [HIGH] CWE-20 CVE-2015-8565: Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remot Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.

CVE-2015-8562 [HIGH] CWE-20 CVE-2015-8562: Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection atta Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

CVE-2015-8564 [HIGH] CWE-20 CVE-2015-8564: Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unsp Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.

CVE-2015-8563 [MEDIUM] CWE-352 CVE-2015-8563: Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 thro Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2015-7857 [HIGH] CWE-89 CVE-2015-7857: SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthist SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.

CVE-2015-7858 [HIGH] CVE-2015-7858: SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.

CVE-2015-7297 [HIGH] CWE-89 CVE-2015-7297: SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.