CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-14654

In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://developer.joomla.org/security-centre/787-20190701-core-filter-attribute-in-subform-fields-allows-remote-code-execution.html
https://developer.joomla.org/security-centre/787-20190701-core-filter-attribute-in-subform-fields-allows-remote-code-execution.html

Products affected by CVE-2019-14654

Joomla » Joomla! » Version: 3.9.7

cpe:2.3:a:joomla:joomla!:3.9.7
Joomla » Joomla! » Version: 3.9.8

cpe:2.3:a:joomla:joomla!:3.9.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-14654

Products

Pricing

Contact Us