Joomla Security

by David Dwyer on 09/07/2015

Following up on our recent competency blog article about Joomla, here is an example of what a competent Web Developer is signed up to receive if they are managing Joomla websites.
 
Has your Joomla web developer been in touch to advise you, have they already dealt with it, or are they not even aware that the security update has been released?
 
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.4.1
  • Exploit type: CSRF Protection
  • Reported Date: 2015-April-06
  • Fixed Date: 2015-June-30
  • CVE Number: tbd

Description

Lack of CSRF checks potentially enabled uploading malicious code.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.4.1

Solution

Upgrade to version 3.4.2
 
 
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.0.0 through 3.4.1
  • Exploit type: Open Redirect
  • Reported Date: 2015-June-01
  • Fixed Date: 2015-June-30
  • CVE Number: tbd

Description

Inadequate checking of the return value allowed redirecting to an external page.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.4.1

Solution

Upgrade to version 3.4.2
 
 

David Dwyer is Managing Director of Inspire Web Development. He has years of experience in a range of web and IT roles plus seven years in sales and marketing in a blue-chip FMCG company. David’s academic and professional qualifications include a BA (Hons) in Business Economics (Personnel & Ergonomics) from the University of Paisley, an MSc in Information Technology (Systems) from Heriot-Watt University and PRINCE2 Practitioner-level certification. He is also an active member of the British Computer Society, Entrepreneurial Exchange and Business for Scotland.

 
