24 matches found
PT-2026-45038
Summary modules/registration.php mode send login regenerates a random password for user uuid assigned, stores its bcrypt hash in adm users.usr password, and emails the cleartext to that user. Every other state-changing mode in the same file assign member, assign user, delete user, create user cal...
PT-2026-24803
CVE-2026-31954 Emlog is an open source website building system. In 2.6.6 and earlier, the delete async action asynchronous delete lacks a call to LoginAuth::checkToken, enabling… https://t.co/jGjg6aBhCJ...
CVE-2020-15700
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajaxinstall endpoint of cominstaller causes a CSRF vulnerability...
CVE-2020-15695
An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of comprivacy causes a CSRF vulnerability...
CVE-2019-18650
An issue was discovered in Joomla! before 3.9.13. A missing token check in comtemplate causes a CSRF vulnerability...
BIT-JOOMLA-2023-23750 [20230101] - Core - CSRF within post-installation messages
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages...
BIT-JOOMLA-2021-26033 [20210502] - Core - CSRF in AJAX reordering endpoint
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint...
BIT-JOOMLA-2020-15700
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajaxinstall endpoint of cominstaller causes a CSRF vulnerability...
BIT-JOOMLA-2020-15695
An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of comprivacy causes a CSRF vulnerability...
Joomla! cross-site request forgery vulnerability
Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! versions 4.0.0 through 4.2.6, which stems from a missing token check. An attacker can exploit this vulnerability to perform cross-site request forgery attacks...
Joomla! cross-site request forgery vulnerability (CNVD-2021-38295)
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site request forgery vulnerability exists in the AJAX reordering endpoint...
Joomla! cross-site request forgery vulnerability (CNVD-2021-38296)
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site request forgery vulnerability exists in combanners and comsysinfo in...
Cross-site request forgery (CSRF)
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint...
Joomla! 3.x < 3.9.27 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.9.27. It is, therefore, affected by multiple vulnerabilities. - HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. CVE-2021-26032...
Joomla! cross-site request forgery vulnerability
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site request forgery vulnerability exists in the AJAX reordering endpoint...
[20210502] - Core - CSRF in AJAX reordering endpoint
A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint...
CVE-2020-15700
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajaxinstall endpoint of cominstaller causes a CSRF vulnerability...
Cross-site request forgery (CSRF)
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajaxinstall endpoint of cominstaller causes a CSRF vulnerability...
PT-2020-14590 · Open Source Matters · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.9.19 and earlier Description: A missing token check in the remove request section of com privacy causes a CSRF issue. Recommendations: For versions 3.9.19 and earlier, update to a version that includes the fix for the missi...
Joomla! cross-site request forgery vulnerability (CNVD-2020-41803)
Joomla! is an open source, cross-platform content management system (CMS) developed by the U.S. Open Source Matters team using PHP and MySQL. A security vulnerability exists in Joomla! versions prior to 3.9.19, which stems from a missing token check in compostinstall. The vulnerability can...