BIT-JOOMLA-2026-23898 Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate
Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...
CVE-2026-23898 Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate
Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...
[20260305] - Core - Arbitrary file deletion in com_joomlaupdate
Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...
GHSA-9M72-PW47-292W Joomla RCE Vulnerability
An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution...
Joomla RCE Vulnerability
An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution...
Joomla 3.6.x < 3.9.7 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.6.x prior to 3.9.7. It is, therefore, affected by the following vulnerabilities: - Joomla versions 3.8.13 prior to 3.9.7 are affected by a vulnerability where a non-admin user may manipulate the...
Unspecified vulnerability in Joomla! (CNVD-2019-43398)
Joomla! is an open source, cross-platform content management system (CMS) developed by the U.S. Open Source Matters team using PHP and MySQL. A security vulnerability exists in Joomla! that stems from a default ACL configuration that allows administrator-level users to access...
Joomla! < 3.8.13 RCE Vulnerability
com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution.
Code injection
An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution...
CVE-2018-17856
Summary: CVE-2018-17856 affects Joomla! before 3.8.13. The com_joomlaupdate component permits arbitrary code execution due to a default ACL configuration that allows Administrator-level users to access com_joomlaupdate. This leads to remote code execution with high impact; CVSSv3 base score 7.2 (...
[20181002] - Core - Inadequate default access level for com_joomlaupdate
Joomla’s com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled access of Administrator-level users to access com_joomlaupdate and trigger a code execution...
Joomla! Core 'com_joomlaupdate' Cross-Site Request Forgery Vulnerability
Joomla! is an open source content management system (CMS) that provides RSS feeds, site search and other functions. A cross-site request forgery vulnerability exists in Joomla! version 3.6.0, which stems from a failure to properly validate user input, and can be exploited by a remote attacke...
Joomla! < 3.6.1 Multiple Vulnerabilities
According to its self-reported version number, the Joomla! installation running on the remote web server is prior to 3.6.1. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists in the mail component due to improper sanitization of input before...
Joomla! -- multiple vulnerabilities
The JSST and the Joomla! Security Center report: 20160801 - Core - ACL Violation: Inadequate ACL checks in com_content provide potential read access to data which should be access restricted to users with edit_own level. 20160802 - Core - XSS Vulnerability: Inadequate escaping leads to XSS...
[20160803] - Core - CSRF
Add additional CSRF hardening in com_joomlaupdate...