First published: Mon Aug 05 2019(Updated: )
In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Joomla Joomla\! | =3.9.7 | |
Joomla Joomla\! | =3.9.7-rc | |
Joomla Joomla\! | =3.9.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.