Menü Schließen

Joomla Security News – Version 2.5 und 3.x betroffen – 06-03-2014

Logo Joomla

Das Joomla Security Team meldet für heute gleich 4 Sicherheitsprobleme in den Versionen 3.1 und 2.5. Alle Lücken können durch aktuelle Updates gefixt werden.  Daher sollte jeder seine Joomla-Webseite schnellst möglich aktualisieren.

[20140301] – Core – SQL Injection


Posted: 06 Mar 2014 12:30 PM PST
Project: Joomla!
SubProject: CMS
Severity: <High
Versions: 3.1.0 through 3.2.2
Exploit type: SQL Injection
Reported Date: 2014-February-06
Fixed Date: 2014-March-06
CVE Number: Pending

Description
Inadequate escaping leads to SQL injection vulnerability.
Affected Installs: Joomla! CMS versions 3.1.0 through 3.2.2

Solution
Upgrade to version 3.2.3
Reported By: ??

[20140302] – Core – XSS Vulnerability

</pre>
Posted: 06 Mar 2014 12:30 PM PST
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 3.1.2 through 3.2.2
Exploit type: XSS Vulnerability
Reported Date: 2014-March-04
Fixed Date: 2014-March-06
CVE Number: Pending

<strong>Description
</strong>Inadequate escaping leads to XSS vulnerability in com_contact.
Affected Installs
Joomla! CMS versions 3.1.2 through 3.2.2

<strong>Solution
</strong>Upgrade to version 3.2.3

[20140303] – Core – XSS Vulnerability


Posted: 06 Mar 2014 12:30 PM PST
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Exploit type: XSS Vulnerability
Reported Date: 2014-March-05
Fixed Date: 2014-March-06
CVE Number: Pending

Description
Inadequate escaping leads to XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions

Solution
Upgrade to version 2.5.19 or 3.2.3
Reported By: JSST

[20140304] – Core – Unauthorised Logins


Posted: 06 Mar 2014 12:30 PM PST
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Exploit type: Unauthorised Logins
Reported Date: 2014-February-21
Fixed Date: 2014-March-06
CVE Number: Pending

Description
Inadequate checking allowed unauthorised logins via GMail authentication.
Affected Installs
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions

Solution
Upgrade to version 2.5.19 or 3.2.3

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert