Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_112713
HistoryMar 05, 2021 - 12:00 a.m.

Joomla! 3.x < 3.9.25 Multiple Vulnerabilities

2021-03-0500:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
61
JSON

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.9.25. It is, therefore, affected by multiple vulnerabilities.

  • Usage of the insecure rand() function within the process of generating the 2FA secret. (CVE-2021-23126)

  • Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes. (CVE-2021-23127)

  • The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. (CVE-2021-23128)

  • Missing filtering of messages showed to users that could lead to XSS issues. (CVE-2021-23129)

  • Missing filtering of feed fields could lead to XSS issues. (CVE-2021-23130)

  • Missing input validation within the template manager. (CVE-2021-23131)

  • com_media allowed paths that are not intended for image uploads. (CVE-2021-23132)

  • Incorrect ACL checks could allow unauthorized change of the category for an article. (CVE-2021-26027)

  • Extracting an specifilcy crafted zip package could write files outside of the intended path. (CVE-2021-26028)

  • Inadequate filtering of form contents could allow to overwrite the author field. (CVE-2021-26029)

Note that the scanner has not tested for these issues but has instead relied only on the applicationโ€™s self-reported version number.

No source data
VendorProductVersionCPE
joomlajoomla\!*cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

References

Related

nessus 1
openvas 4
joomla 9
prion 10
osv 11
cve 10
veracode 1
github 1
seebug 1
githubexploit 2
checkpoint_advisories 1
nessus
nessus
Joomla 1.6.x < 3.9.25 Multiple Vulnerabilities (5834-joomla-3-9-25)
2021-03-11 00:00:00
openvas
openvas
Joomla! 3.2.0 - 3.9.24 Multiple Vulnerabilities
2021-03-05 00:00:00
Joomla! 3.0.0 - 3.9.24 Multiple Vulnerabilities
2021-03-05 00:00:00
Joomla! 2.5.0 - 3.9.24 Multiple XSS Vulnerabilities
2021-03-05 00:00:00
joomla
joomla
[20210301] - Core - Insecure randomness within 2FA secret generation
2021-01-12 00:00:00
[20210307] - Core - ACL violation within com_content frontend editing
2020-10-25 00:00:00
[20210308] - Core - Path Traversal within joomla/archive zip class
2020-09-08 00:00:00
prion
prion
Cross site scripting
2021-03-04 18:15:00
Code injection
2021-03-04 18:15:00
Path traversal
2021-03-04 18:15:00
osv
osv
CVE-2021-26029
2021-03-04 18:15:13
CVE-2021-26028
2021-03-04 18:15:13
Path Traversal within joomla/archive zip class
2021-03-24 17:58:13
cve
cve
CVE-2021-23128
2021-03-04 18:15:00
CVE-2021-23132
2021-03-04 18:15:00
CVE-2021-26027
2021-03-04 18:15:00
veracode
veracode
Directory Traversal
2021-03-25 03:05:22
github
github
Path Traversal within joomla/archive zip class
2021-03-24 17:58:13
seebug
seebug
Joomla <=3.9.24 ็ฎก็†ๅ‘˜ๆƒ้™ๅ‘ฝไปคๆ‰ง่กŒ(CVE-2021-23132ใ€CVE-2020-24597)
2021-03-10 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Joomla Joomla\!
2021-03-03 02:13:57
Exploit for CVE-2020-24597
2020-08-26 02:31:21
checkpoint_advisories
checkpoint_advisories
Joomla! Remote Code Execution (CVE-2020-10238; CVE-2020-10239; CVE-2021-23132)
2020-12-21 00:00:00
JSON
Related for WEB_APPLICATION_SCANNING_112713
nessus1openvas4joomla9prion10osv11cve10veracode1github1seebug1githubexploit2checkpoint_advisories1