Joomla ! vulnerabilities

CVE-2020-10241 [HIGH] CWE-352 CVE-2020-10241: An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_t An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.

CVE-2020-10240 [MEDIUM] CWE-20 CVE-2020-10240: An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead t An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.

CVE-2020-10242 [MEDIUM] CWE-79 CVE-2020-10242: An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protos An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.

CVE-2011-1151 [CRITICAL] CWE-89 CVE-2011-1151: Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters. Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.

CVE-2011-4937 [HIGH] CWE-200 CVE-2011-4937: Joomla! 1.7.1 has core information disclosure due to inadequate error checking. Joomla! 1.7.1 has core information disclosure due to inadequate error checking.

CVE-2011-3629 [HIGH] CWE-326 CVE-2011-3629: Joomla! core 1.7.1 allows information disclosure due to weak encryption Joomla! core 1.7.1 allows information disclosure due to weak encryption

CVE-2011-4912 [MEDIUM] CWE-732 CVE-2011-4912: Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.

CVE-2020-8420 [HIGH] CWE-352 CVE-2020-8420: An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.

CVE-2020-8419 [HIGH] CWE-352 CVE-2020-8419: An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of vario An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.

CVE-2020-8421 [MEDIUM] CWE-79 CVE-2020-8421: An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attack An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs.

CVE-2011-3595 [MEDIUM] CWE-79 CVE-2011-3595: Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in t Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.

CVE-2012-1563 [HIGH] CWE-269 CVE-2012-1563: Joomla! before 2.5.3 allows Admin Account Creation. Joomla! before 2.5.3 allows Admin Account Creation.

CVE-2012-1562 [HIGH] CWE-330 CVE-2012-1562: Joomla! core before 2.5.3 allows unauthorized password change. Joomla! core before 2.5.3 allows unauthorized password change.

CVE-2019-19846 [CRITICAL] CWE-89 CVE-2019-19846: In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries cau In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.

CVE-2019-19845 [MEDIUM] CWE-22 CVE-2019-19845: In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure. In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.

CVE-2019-18650 [HIGH] CWE-352 CVE-2019-18650: An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSR An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.

CVE-2019-18674 [MEDIUM] CWE-862 CVE-2019-18674: An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping file An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.

CVE-2019-16725 [MEDIUM] CWE-79 CVE-2019-16725: In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of th In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.

CVE-2019-15028 [MEDIUM] CVE-2019-15028: In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled f In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.

CVE-2019-14654 [HIGH] CVE-2019-14654: In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.