vulnerability

Joomla!: [20190701] - Core - Filter attribute in subform fields allows remote code execution (CVE-2019-14654)

Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Jul 10, 2019
Added
Jul 10, 2019
Modified
Aug 13, 2019

Description

In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.

Solution

joomla-upgrade-3_9_9
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.