Joomla Security News

Below you will find the latest security news from Joomla.org's J.S.S.T. (Joomla Security Strike Team). It is imperative for the security of your website and of the server that you keep your Joomla installation up to date with the latest release. If you require assistance in upgrading your website, we are available to do this for you. Just visit our Joomla Upgrade page.

Joomla! Developer - Vulnerability News

Not only is Joomla! easy to use, but it is easy to add extra functionality through a flexible and powerful developer framework. The Joomla! Framework allows you to build exceptional extensions for Joomla! including components, modules, plugins, templates and language packs.

  • [20091103] - Core - Front-End Editor Issue

       (Tuesday, 03 November 2009 11:31)

    • Project: Joomla!
    • SubProject: com_content
    • Severity: Moderate
    • Versions: 1.5.14 and all previous 1.5 releases
    • Exploit type: Front-End Editing
    • Reported Date: 2009-September-05
    • Fixed Date: 2009-November-03

    Description

    When logged into the front end with Author access, it was possible to replace an article written by another user.

    Affected Installs

    All 1.5.x installs prior to and including 1.5.14 are affected.

    Solution

    Upgrade to latest Joomla! version (1.5.15 or newer).

    Reported by Hannes Papenberg

    Contact

    The JSST at the Joomla! Security Center.

  • [20091103] - Core - XML File Read Issue

       (Sunday, 01 November 2009 20:03)

    • Project: Joomla!
    • SubProject: All
    • Severity: Low
    • Versions: 1.5.14 and all previous 1.5 releases
    • Exploit type: Extension Version Disclosure
    • Reported Date: 2009-October-13
    • Fixed Date: 2009-Nov-03

    Description

    It is possible to read the contents of an extension's XML file and find the version number of the installed extension. This could allow people to exploit known security flaws in a specific version of an extension.

    Affected Installs

    All 1.5.x installs prior to and including 1.5.14 are affected.

    Solution

    Turn on Apache mod_rewrite and configure your .htaccess file to filter out XML files. In the htaccess.txt file shipped with version 1.5.15, lines 35-39 contain example code that will...

  • [20090722] - Core - Missing JEXEC Check

       (Wednesday, 22 July 2009 19:36)

    • Project: Joomla!
    • SubProject: Framework
    • Severity: Moderate
    • Versions: 1.5.12 and all previous 1.5 releases
    • Exploit type: Path Disclosure
    • Reported Date: 2009-July-21
    • Fixed Date: 2009-July-22

    Description

    Some files were missing the check for JEXEC. These scripts will then expose internal path information of the host.

    Affected Installs

    All 1.5.x installs prior to and including 1.5.12 are affected.

    Solution

    Upgrade to latest Joomla! version (1.5.13 or newer).

    Reported by Juan Galiana Lara (Internet Security Auditors)

    Contact

    The JSST at the Joomla! Security Center.
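
To audit an installation or third-party extensions for the problem described in the Missing JEXEC Check advisory, the following added example (not code from Joomla! or the JSST) flags PHP files whose first statement is not the guard. It assumes the conventional idioms `defined('_JEXEC') or die(...)` and `defined('JPATH_BASE') or die()`; the sample file names and contents are constructed.

```python
import os
import re

# Assumed guard idioms: defined('_JEXEC') or die(...), and the
# defined('JPATH_BASE') or die() form used by framework library files.
COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.DOTALL)
GUARD_FIRST = re.compile(
    r"\s*<\?(?:php)?\s*defined\s*\(\s*['\"](?:_JEXEC|JPATH_BASE)['\"]\s*\)"
    r"\s*(?:or|\|\|)\s*(?:die|exit)\b", re.IGNORECASE)
ENTRY_POINT = re.compile(r"\bdefine\s*\(\s*['\"]_JEXEC['\"]", re.IGNORECASE)

def classify(source):
    """Return 'entry-point', 'guarded' or 'unguarded' for one PHP file."""
    code = COMMENTS.sub("", source)   # a commented-out guard must not count
    if ENTRY_POINT.search(code):      # index.php style files define _JEXEC
        return "entry-point"
    # The guard only helps as the first statement: code that runs before it
    # can still fail with an error message that reveals the file's full path.
    return "guarded" if GUARD_FIRST.match(code) else "unguarded"

def audit(root):
    """Walk a Joomla tree; return relative paths of unguarded .php files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if classify(fh.read()) == "unguarded":
                        findings.append(os.path.relpath(path, root))
    return sorted(findings)

# Constructed sample files (not taken from any Joomla release).
SAMPLES = {
    "guarded.php": "<?php\n/** docblock */\n"
                   "defined('_JEXEC') or die('Restricted access');\nclass Foo {}\n",
    "late.php": "<?php\nrequire_once dirname(__FILE__).'/helper.php';\n"
                "defined('_JEXEC') or die();\n",
    "commented.php": "<?php\n// defined('_JEXEC') or die();\necho 1;\n",
    "index.php": "<?php\ndefine('_JEXEC', 1);\n",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(name, classify(src))
```

Files reported as unguarded still need manual review, since a guard written in a form other than the two assumed idioms will be flagged as well.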

 