38 matches found
BIT-JOOMLA-2022-23796 [20220304] - Core - Missing input validation within com_fields class inputs
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields...
Joomla core 3.7.0-3.10.15-elts,4.0.0-4.4.5,5.0.0-5.1.1 - Unauthenticated XSS in com_fields default field value vulnerability
Unauthenticated XSS in com_fields default field value vulnerability discovered by ? in WordPress Core Joomla versions 3.7.0-3.10.15-elts,4.0.0-4.4.5,5.0.0-5.1.1...
CVE-2022-23796 [20220304] - Core - Missing input validation within com_fields class inputs
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields...
CVE-2022-23796
CVE-2022-23796 affects Joomla! 3.7.0 through 3.10.6, where lack of input validation in the com_fields class inputs enables cross-site scripting (XSS). The connected sources confirm the vulnerable component and the XSS impact, but do not specify exploit details or available patches within the prov...
CVE-2022-23796
An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields...
[20220304] - Core - Missing input validation within com_fields class inputs
Lack of input validation could allow an XSS attack using com_fields...
CVE-2020-10239
CVE-2020-10239 affects Joomla! core prior to 3.9.16, where an Incorrect Access Control in the SQL fieldtype of com_fields may allow non‑superadmin users to access restricted data. Affected versions include 3.7.0–3.9.15; the issue is fixed in 3.9.16+. Some connected sources note a GitHub exploit P...
Joomla! access control error vulnerability (CNVD-2020-20998)
Joomla! is an open-source, cross-platform content management system (CMS) developed by the U.S. Open Source Matters team using PHP and MySQL. An access control error vulnerability exists in the com_fields SQL field in Joomla! versions 3.7.0 through 3.9.15, which can be exploited by attacker...
[20200305] - Core - Incorrect Access Control in com_fields SQL field
Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users...
Joomla! 3.3.x < 3.8.4 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - The XSS vulnerability in module chromes as noted in the 20180101 announcement affects 3.0.0 through 3.8.3. (CVE-2018-6380) - The XSS vulnerability in com_fields as noted in the...
Joomla! 3.6.x < 3.8.4 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - The XSS vulnerability in module chromes as noted in the 20180101 announcement affects 3.0.0 through 3.8.3. (CVE-2018-6380) - The XSS vulnerability in com_fields as noted in the...
Joomla! 1.6.x < 3.8.4 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - The XSS vulnerability in module chromes as noted in the 20180101 announcement affects 3.0.0 through 3.8.3. (CVE-2018-6380) - The XSS vulnerability in com_fields as noted in the...
Joomla! 3.2.x < 3.8.4 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - The XSS vulnerability in module chromes as noted in the 20180101 announcement affects 3.0.0 through 3.8.3. (CVE-2018-6380) - The XSS vulnerability in com_fields as noted in the...
Joomla 'com_fields' RCE Vulnerability (20180506)
Joomla is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla";...
Remote Code Execution Vulnerability in Joomla!
Joomla! is an open-source content management system (CMS) developed by the United States Open Source Matters team. The system provides RSS feeds, site search and other features. Joomla! Core is the Joomla! kernel. A security vulnerability exists in com_fields in Joomla! Core versions prior to 3.8....
Design/Logic Flaw
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option...
CVE-2018-11321
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option...
CVE-2018-11321
CVE-2018-11321 affects Joomla! Core via the com_fields component. The issue arises from inadequate filtering in the field filtering logic, allowing authorized users who create custom fields to manipulate filtering options and inject an unvalidated option, potentially enabling remote code executio...
[20180506] - Core - Filter field in com_fields allows remote code execution
Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option...
Joomla Fields SQL Injection / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Joomla Component Fields SQLi Remote Code Execution', 'Description' = %q This module exploits a SQL injection vulnerability in the com_fields...