TTCSIRT-160.090318: TT-CSIRT Advisory – Joomla Security Updates

Joomla has released a security update stating that the following vulnerabilities have been found in its Content Management System (CMS):

a) Inadequate checks regarding disabled fields can lead to an ACL violation (CVE-2018-15881).

b) Inadequate output filtering on the user profile page could lead to a stored XSS attack (CVE-2018-15880).

c) Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter (CVE-2018-15882).

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected application.

Further information on these vulnerabilities and how they can be mitigated can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-joomla-could-allow-for-arbitrary-code-execution_2018-094/