Security of your websites, email, and web space is extremely important, you need to keep your software up to date at all times and apply security patches as they are released, ensuring you have backups in place should you run into problems.
We are experienced with updating sites and have performed thousands of successful Joomla updates, for a free proposal for a security audit, or to update your Joomla version, including providing you with a test site, please complete a proposal request. Once you become a customer we will happily provide you with security advice free of charge that will enhance the security of your Joomla sites.
Project: Joomla!
SubProject: CMS
Severity: High
Versions: 3.2.0 through 3.4.4
Exploit type: SQL Injection
Reported Date: 2015-October-15
Fixed Date: 2015-October-22
CVE Numbers: CVE-2015-7297, CVE-2015-7857, CVE-2015-7858
Description
Inadequate filtering of request data leads to a SQL Injection vulnerability.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.4.4
Solution
Upgrade to version 3.4.5
Contact
The JSST at the Joomla! Security Centre.
Reported By: Asaf Orpani of Trustwave and Netanel...
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 3.2.0 through 3.4.4
Exploit type: ACL Violation
Reported Date: 2015-October-15
Fixed Date: 2015-October-22
CVE Number: CVE-2015-7859
Description
Inadequate ACL checks in com_contenthistory provide potential read access to data which should be access restricted.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.4.4
Solution
Upgrade to version 3.4.5
Contact
The JSST at the Joomla! Security Centre.
Reported By: JSST
Project: Joomla!
SubProject: CMS
Severity: Moderate
Versions: 3.0.0 through 3.4.4
Exploit type: ACL Violation
Reported Date: 2015-October-15
Fixed Date: 2015-October-22
CVE Number: CVE-2015-7899
Description
Inadequate ACL checks in com_content provide potential read access to data which should be access restricted.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.4.4
Solution
Upgrade to version 3.4.5
Contact
The JSST at the Joomla! Security Centre.
Reported By: JSST
Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.4.0 through 3.4.3
Exploit type: XSS Vulnerability
Reported Date: 2015-August-18
Fixed Date: 2015-September-08
CVE Number: CVE-2015-6939
Description
Inadequate escaping leads to XSS vulnerability in login module.
Affected Installs
Joomla! CMS versions 3.4.0 through 3.4.3
Solution
Upgrade to version 3.4.4
Contact
The JSST at the Joomla! Security Centre.
Reported By: cfreer
Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.2.0 through 3.4.1
Exploit type: CSRF Protection
Reported Date: 2015-April-06
Fixed Date: 2015-June-30
CVE Number: CVE-2015-5397
Description
Lack of CSRF checks potentially enabled uploading malicious code.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.4.1
Solution
Upgrade to version 3.4.2
Contact
The JSST at the Joomla! Security Centre.
Reported By: Eric Flokstra
Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.0.0 through 3.4.1
Exploit type: Open Redirect
Reported Date: 2015-April-08
Fixed Date: 2015-June-30
CVE Number: CVE-2015-5608
Description
Inadequate checking of the return value allowed to redirect to an external page.
Affected Installs
Joomla! CMS versions 3.0.0 through 3.4.1
Solution
Upgrade to version 3.4.2
Contact
The JSST at the Joomla! Security Centre.
Reported By: Eric Flokstra, Sharath Unni and Steven Sweeting
Security Centre
[20151001] - Core - SQL Injection
[20151002] - Core - ACL Violations
[20151003] - Core - ACL Violations
[20150908] - Core - XSS Vulnerability
[20150602] - Core - CSRF Protection
[20150601] - Core - Open Redirect