CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.973 High (Percentile: 99.9%)
The JSST and the Joomla! Security Center report:
[20151201] - Core - Remote Code Execution Vulnerability
Browser information is not filtered properly while saving the
session values into the database which leads to a Remote Code
Execution vulnerability.
[20151202] - Core - CSRF Hardening
Add additional CSRF hardening in com_templates.
[20151203] - Core - Directory Traversal
Failure to properly sanitize input data from the XML install file
located within an extension's package archive allows for directory
traversal.
[20151204] - Core - Directory Traversal
Inadequate filtering of request data leads to a Directory Traversal
vulnerability.
developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html
developer.joomla.org/security-centre/633-20151214-core-csrf-hardening.html
developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html
developer.joomla.org/security-centre/635-20151214-core-directory-traversal-2.html
www.joomla.org/announcements/release-news/5641-joomla-3-4-6-released.html