CVE-2018-12712
- EPSS 2.32%
- Veröffentlicht 26.06.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:45:43
An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local Fi...
CVE-2018-11321
- EPSS 1.99%
- Veröffentlicht 22.05.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:07
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
CVE-2018-11322
- EPSS 2.13%
- Veröffentlicht 22.05.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:08
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
CVE-2018-11323
- EPSS 3.22%
- Veröffentlicht 22.05.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:08
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
CVE-2018-11324
- EPSS 1.33%
- Veröffentlicht 22.05.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:08
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.
CVE-2018-11325
- EPSS 3.8%
- Veröffentlicht 22.05.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:08
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator a...
CVE-2018-11326
- EPSS 1.05%
- Veröffentlicht 22.05.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:08
An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to a multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a ...
CVE-2018-11327
- EPSS 1.45%
- Veröffentlicht 22.05.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:08
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission.
CVE-2018-11328
- EPSS 1.36%
- Veröffentlicht 22.05.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:08
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could...
CVE-2018-6378
- EPSS 1.41%
- Veröffentlicht 22.05.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 04:10:35
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.