TTCSIRT-160.090318: TT-CSIRT Advisory – Joomla Security Updates
Joomla has released a security update stating that the following vulnerabilities have been found in its Joomla Content Management System (CMS) –
a) Inadequate checks regarding disabled fields can lead to an ACL violation – (CVE-2018-15881).
b) Inadequate output filtering on the user profile page could lead to a stored XSS attack – (CVE-2018-15880).
c) Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter – (CVE-2018-15882).
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected application.
|Further information on these vulnerabilities and how they can be mitigated can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-joomla-could-allow-for-arbitrary-code-execution_2018-094/|