Joomla

[20150602] - Core - CSRF Protection

Joomla Security - Vie, 07/03/2015 - 23:10
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.4.1
  • Exploit type: CSRF Protection
  • Reported Date: 2015-April-06
  • Fixed Date: 2015-June-30
  • CVE Number: tbd
Description

Lack of CSRF checks potentially enabled uploading malicious code.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.4.1

Solution

Upgrade to version 3.4.2

Contact

The JSST at the Joomla! Security Center.

Reported By: Eric Flokstra
Categorías: Joomla

[20150601] - Core - Open Redirect

Joomla Security - Vie, 07/03/2015 - 23:04
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.0.0 through 3.4.1
  • Exploit type: Open Redirect
  • Reported Date: 2015-April-08
  • Fixed Date: 2015-June-30
  • CVE Number: tbd
Description

Inadequate checking of the return value allowed to redirect to an external page.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.4.1

Solution

Upgrade to version 3.4.2

Contact

The JSST at the Joomla! Security Center.

Reported By: Eric Flokstra, Sharath Unni and Steven Sweeting
Categorías: Joomla