The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla Core

computer vulnerability CVE-2019-14654

Joomla Core: code execution via Subform Filter Attribute

Synthesis of the vulnerability

An attacker can use a vulnerability via Subform Filter Attribute of Joomla Core, in order to run code.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 10/07/2019.
Identifiers: CERTFR-2019-AVI-314, CVE-2019-14654, VIGILANCE-VUL-29735.

Description of the vulnerability

An attacker can use a vulnerability via Subform Filter Attribute of Joomla Core, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2019-12764 CVE-2019-12765 CVE-2019-12766

Joomla Core: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 11/06/2019.
Identifiers: CERTFR-2019-AVI-266, CVE-2019-12764, CVE-2019-12765, CVE-2019-12766, VIGILANCE-VUL-29504.

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2019-11809

Joomla Core: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla Core, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 09/05/2019.
Identifiers: CERTFR-2019-AVI-198, CVE-2019-11809, VIGILANCE-VUL-29260.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla Core, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2019-9711 CVE-2019-9712 CVE-2019-9713

Joomla Core: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 13/03/2019.
Identifiers: CERTFR-2019-AVI-097, CVE-2019-9711, CVE-2019-9712, CVE-2019-9713, CVE-2019-9714, VIGILANCE-VUL-28739.

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2019-7739 CVE-2019-7740 CVE-2019-7741

Joomla Core: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 13/02/2019.
Identifiers: CERTFR-2019-AVI-054, CVE-2019-7739, CVE-2019-7740, CVE-2019-7741, CVE-2019-7742, CVE-2019-7743, CVE-2019-7744, VIGILANCE-VUL-28499.

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2019-6261 CVE-2019-6262 CVE-2019-6263

Joomla Core: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 15/01/2019.
Identifiers: CERTFR-2019-AVI-020, CVE-2019-6261, CVE-2019-6262, CVE-2019-6263, CVE-2019-6264, VIGILANCE-VUL-28282.

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-17855 CVE-2018-17856 CVE-2018-17857

Joomla Core: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 09/10/2018.
Identifiers: CERTFR-2018-AVI-479, CVE-2018-17855, CVE-2018-17856, CVE-2018-17857, CVE-2018-17858, CVE-2018-17859, VIGILANCE-VUL-27446.

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-15880 CVE-2018-15881 CVE-2018-15882

Joomla Core: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 29/08/2018.
Identifiers: CERTFR-2018-AVI-412, CVE-2018-15880, CVE-2018-15881, CVE-2018-15882, VIGILANCE-VUL-27102.

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Core.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-12711

Joomla Core: Cross Site Scripting via Language Switcher

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Language Switcher of Joomla Core, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 26/06/2018.
Identifiers: CERTFR-2018-AVI-307, CVE-2018-12711, VIGILANCE-VUL-26541.

Description of the vulnerability

The Core extension can be installed on Joomla.

However, it does not filter received data via Language Switcher before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Language Switcher of Joomla Core, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-12712

Joomla Core: file reading via PHP Autoload

Synthesis of the vulnerability

A local attacker can read a file via PHP Autoload of Joomla Core, in order to obtain sensitive information.
Impacted products: Joomla! Core.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/06/2018.
Identifiers: CERTFR-2018-AVI-307, CVE-2018-12712, VIGILANCE-VUL-26540.

Description of the vulnerability

A local attacker can read a file via PHP Autoload of Joomla Core, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Joomla Core: