Joomla!: [20190701] - Core - Filter attribute in subform fields allows remote code execution (CVE-2019-14654)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Jul 10, 2019 | Jul 10, 2019 | Aug 13, 2019 |
Description
In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.
Solution
joomla-upgrade-3_9_9