Joomla: >> Joomla! Security Vulnerabilities
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-04-21
An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.
CVSS Score
7.5
EPSS Score
0.03
Published
2020-03-16
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.
CVSS Score
8.8
EPSS Score
0.017
Published
2020-03-16
An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-03-16
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-03-16
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.
CVSS Score
6.1
EPSS Score
0.013
Published
2020-03-16
An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-16
Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.
CVSS Score
9.1
EPSS Score
0.0
Published
2020-02-05
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-02-04
Joomla! 1.7.1 has core information disclosure due to inadequate error checking.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-02-04