CVE-2018-17856
https://notcve.org/view.php?id=CVE-2018-17856
An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution. Se ha descubierto un problema en Joomla! en versiones anteriores a la 3.8.13. com_joomlaupdate permite la ejecución de código arbitrario. • http://www.securityfocus.com/bid/105559 http://www.securitytracker.com/id/1041914 https://developer.joomla.org/security-centre/752-20181002-core-inadequate-default-access-level-for-com-joomlaupdate.html •
CVE-2018-17857
https://notcve.org/view.php?id=CVE-2018-17857
An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation. Se ha descubierto un problema en Joomla! en versiones anteriores a la 03/08/2013. • http://www.securityfocus.com/bid/105559 http://www.securitytracker.com/id/1041914 https://developer.joomla.org/security-centre/753-20181003-core-access-level-violation-in-com-tags • CWE-863: Incorrect Authorization •
CVE-2018-17859
https://notcve.org/view.php?id=CVE-2018-17859
An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms. Se ha descubierto un problema en Joomla! en versiones anteriores a la 03/08/2013. • http://www.securityfocus.com/bid/105559 http://www.securitytracker.com/id/1041914 https://developer.joomla.org/security-centre/751-20181001-core-hardening-com-contact-contact-form.html •
CVE-2018-17855
https://notcve.org/view.php?id=CVE-2018-17855
An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself. Se ha descubierto un problema en Joomla! en versiones anteriores a la 03/08/2013. • http://www.securityfocus.com/bid/105559 http://www.securitytracker.com/id/1041914 https://developer.joomla.org/security-centre/754-20181004-core-acl-violation-in-com-users-for-the-admin-verification • CWE-269: Improper Privilege Management •
CVE-2018-12712
https://notcve.org/view.php?id=CVE-2018-12712
An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion. Se ha descubierto un problema en Joomla! • http://www.securityfocus.com/bid/104566 http://www.securitytracker.com/id/1041245 https://developer.joomla.org/security-centre/741-20180601-core-local-file-inclusion-with-php-5-3 • CWE-20: Improper Input Validation •