Joomla: Security Vulnerabilities
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.
CVSS Score
8.8
EPSS Score
0.018
Published
2020-03-16
An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-03-16
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-03-16
An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.
CVSS Score
6.1
EPSS Score
0.013
Published
2020-03-16
An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-16
Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.
CVSS Score
9.1
EPSS Score
0.0
Published
2020-02-05
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-02-04
Joomla! 1.7.1 has core information disclosure due to inadequate error checking.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-02-04
Joomla! core 1.7.1 allows information disclosure due to weak encryption
CVSS Score
7.5
EPSS Score
0.0
Published
2020-02-04
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-01-28