Ike.ninja

The second release candidate for WordPress 5.4 is now available! WordPress 5.4 is currently scheduled to be released on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! There are two ways to test the WordPress 5.4 release candidate: Try the WordPress Beta Tester plugin (choose the “bleeding edge […]

• Project: Joomla!
• SubProject: CMS
• Impact: High
• Severity: Low
• Versions: 1.7.0-3.9.15
• Exploit type: SQL Injection
• Reported Date: 2020-March-9
• Fixed Date: 2020-March-10
• CVE Number: CVE-2020-10243

Description

The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the “Featured Articles” frontend menutype.

Affected Installs

Joomla! CMS versions 1.7.0 – 3.9.15

Solution

Upgrade to version 3.9.16

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Impact: High
• Severity: Low
• Versions: 3.0.0-3.9.15
• Exploit type: Other
• Reported Date: 2020-February-07
• Fixed Date: 2020-March-10
• CVE Number: CVE-2020-10240

Description

Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.

Affected Installs

Joomla! CMS versions 3.0.0 – 3.9.15

Solution

Upgrade to version 3.9.16

Contact

The JSST at the Joomla! Security Centre.

• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Versions: 3.0.0-3.9.15
• Exploit type: XSS
• Reported Date: 2020-February-24
• Fixed Date: 2020-March-10
• CVE Number: CVE-2020-10242

Description

Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allow XSS attacks.

Affected Installs

Joomla! CMS versions 3.0.0 – 3.9.15

Solution

Upgrade to version 3.9.16

Contact

The JSST at the Joomla! Security Centre.

Several security issues were fixed in SQLite.