CVE-2019-14654
First published: Mon Aug 05 2019(Updated: )
In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Joomla | =3.9.7 | |
| Joomla | =3.9.7-rc | |
| Joomla | =3.9.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-14654?
CVE-2019-14654 has a high severity rating due to its potential for remote code execution.
How do I fix CVE-2019-14654?
To fix CVE-2019-14654, you need to upgrade your Joomla! installation to version 3.9.9 or later.
Which versions of Joomla! are affected by CVE-2019-14654?
CVE-2019-14654 affects Joomla! versions 3.9.7 and 3.9.8.
What are the risks of not addressing CVE-2019-14654?
Not addressing CVE-2019-14654 increases the risk of unauthorized remote code execution on your Joomla! site.
What type of impact does CVE-2019-14654 have?
CVE-2019-14654 can lead to significant security vulnerabilities, allowing attackers to execute arbitrary code on your server.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/joomla
- canonical/joomla
- version/joomla/3.9.7
- version/joomla/3.9.7-rc
- version/joomla/3.9.8