[20180506] - Core - Filter field in com_fields allows remote code execution - Applicacious

[20180506] – Core – Filter field in com_fields allows remote code execution

  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 3.7.0 through 3.8.7
  • Exploit type: Remote Code Execution
  • Reported Date: 2018-May-14
  • Fixed Date: 2018-May-22
  • CVE Number: CVE-2018-11321

Description

Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.8.7

Solution

Upgrade to version 3.8.8

Contact

The JSST at the Joomla! Security Centre.

Reported By: Benjamin Trenkle, JSST
  • in Blog
  • by
  • May 22, 2018
  • Comments Off on [20180506] – Core – Filter field in com_fields allows remote code execution

Comments are closed.

%d bloggers like this: