FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

joomla -- multiple vulnerabilities

Affected packages
joomla3 < 3.4.6

Details

VuXML ID a9f60ce8-a4e0-11e5-b864-14dae9d210b8
Discovery 2015-12-14
Entry 2015-12-17
Modified 2016-12-22

The JSST and the Joomla! Security Center report:

[20151201] - Core - Remote Code Execution Vulnerability

Browser information is not filtered properly while saving the session values into the database which leads to a Remote Code Execution vulnerability.

[20151202] - Core - CSRF Hardening

Add additional CSRF hardening in com_templates.

[20151203] - Core - Directory Traversal

Failure to properly sanitize input data from the XML install file located within an extension's package archive allows for directory traversal.

[20151204] - Core - Directory Traversal

Inadequate filtering of request data leads to a Directory Traversal vulnerability.

References

CVE Name CVE-2015-8562
CVE Name CVE-2015-8563
CVE Name CVE-2015-8564
CVE Name CVE-2015-8565
URL https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html
URL https://developer.joomla.org/security-centre/633-20151214-core-csrf-hardening.html
URL https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html
URL https://developer.joomla.org/security-centre/635-20151214-core-directory-traversal-2.html
URL https://www.joomla.org/announcements/release-news/5641-joomla-3-4-6-released.html