CVE-2017-8917 – Joomla! 3.7.0 - 'com_fields' SQL Injection
https://notcve.org/view.php?id=CVE-2017-8917
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. The fields component (com_fields) of Joomla! 3.7.0 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/42033 https://www.exploit-db.com/exploits/44358 https://github.com/brianwrf/Joomla3.7-SQLi-CVE-2017-8917 https://github.com/gmohlamo/CVE-2017-8917 https://github.com/AkuCyberSec/CVE-2017-8917-Joomla-370-SQL-Injection https://github.com/Siopy/CVE-2017-8917 https://github.com/BaptisteContreras/CVE-2017-8917-Joomla http://www.securityfocus.com/bid/98515 http://www.securitytracker.com/id/1038522 https://developer.joomla.org/security-centre/692 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
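The entry above gives only the vulnerability class (CWE-89 in a list-style component) and no vector. A shape this class of bug commonly takes in list views is an ordering parameter spliced into ORDER BY, which cannot be bound as a placeholder. The following is an added example, not Joomla's code and not derived from the referenced exploits: it shows a vulnerable list query, how an attacker turns a controllable ORDER BY into a boolean-blind oracle against another table, and the allow-list that closes it. The tables, rows and the "s3cret-hash" value are constructed for the demo.

```python
"""Added example (not Joomla's code): SQL injection via an ORDER BY clause,
boolean-blind extraction through it, and the allow-list that prevents it.
Runs on the standard-library sqlite3 module with constructed sample data."""
import sqlite3

# Constructed sample data standing in for a CMS's "fields" and "users" tables.
SAMPLE_FIELDS = [(1, "Title", 1), (2, "Subtitle", 0), (3, "Summary", 1)]
SAMPLE_USERS = [(1, "admin", "s3cret-hash")]   # constructed secret for the demo


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE fields (id INTEGER, title TEXT, published INTEGER)")
    conn.executemany("INSERT INTO fields VALUES (?, ?, ?)", SAMPLE_FIELDS)
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def list_fields_vulnerable(conn, ordering):
    """Vulnerable: the request's ordering string is spliced straight into SQL.
    ORDER BY cannot be bound with '?' placeholders, so string concatenation here
    is the classic shape of an ordering-parameter injection (CWE-89)."""
    sql = "SELECT id, title FROM fields ORDER BY " + ordering
    return [row[0] for row in conn.execute(sql).fetchall()]


def blind_probe(conn, secret_prefix):
    """Attacker-side view: a CASE expression in ORDER BY makes the row order
    depend on a condition about another table, leaking one bit per request.
    Ascending ids mean the guess matched; descending ids mean it did not."""
    payload = (
        "CASE WHEN (SELECT password FROM users WHERE username = 'admin') "
        f"LIKE '{secret_prefix}%' THEN id ELSE -id END"
    )
    return list_fields_vulnerable(conn, payload) == [1, 2, 3]


# Fixed allow-lists: the only column names and directions the view may sort by.
ALLOWED_SORT_COLUMNS = {"id", "title", "published"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def list_fields_hardened(conn, ordering):
    """Hardened: parse the ordering into (column, direction), accept only values
    from the allow-lists, and build the clause from those vetted constants.
    Anything else is rejected before it reaches the database."""
    parts = ordering.split()
    if len(parts) not in (1, 2):
        raise ValueError(f"rejected ordering: {ordering!r}")
    column = parts[0]
    direction = parts[1].upper() if len(parts) == 2 else "ASC"
    if column not in ALLOWED_SORT_COLUMNS or direction not in ALLOWED_DIRECTIONS:
        raise ValueError(f"rejected ordering: {ordering!r}")
    sql = f'SELECT id, title FROM fields ORDER BY "{column}" {direction}'
    return [row[0] for row in conn.execute(sql).fetchall()]


def hardened_rejects(conn, ordering):
    """True if the hardened query refuses the given ordering string."""
    try:
        list_fields_hardened(conn, ordering)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, guess 's3' :", blind_probe(db, "s3"))
    print("vulnerable, guess 'zz' :", blind_probe(db, "zz"))
    print("hardened 'title DESC'  :", list_fields_hardened(db, "title DESC"))
    print("hardened rejects payload:", hardened_rejects(db, "CASE WHEN 1 THEN id END"))
```

The blind probe is the reason an ordering injection is not "just" a sorting bug: each request answers one yes/no question about any data the database user can read, which is enough to extract a password hash a character at a time. Escaping does not help here, since the attacker never needs a quote character; only an allow-list of column names and directions does.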
CVE-2017-7983
https://notcve.org/view.php?id=CVE-2017-7983
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the PHPMailer version in use in the mail headers. • http://www.securityfocus.com/bid/98016 https://developer.joomla.org/security-centre/683-20170401-core-information-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-8057
https://notcve.org/view.php?id=CVE-2017-8057
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with error reporting enabled. • http://www.securityfocus.com/bid/98028 https://developer.joomla.org/security-centre/690-20170408-core-information-disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-7988
https://notcve.org/view.php?id=CVE-2017-7988
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article. • http://www.securityfocus.com/bid/98022 https://developer.joomla.org/security-centre/688-20170406-core-acl-violations •
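The entry above describes an ACL violation caused by binding submitted form data to an article record without filtering which fields a user may set. The following is an added example, not Joomla's code and not a reconstruction of its fix: it contrasts a bind that copies every posted key onto the record with one that accepts only an allow-list of editable fields and gates the author field behind a permission. The Article and User types and the "change_author" permission name are hypothetical, constructed for the demo.

```python
"""Added example (not Joomla's code): mass-assignment style author overwrite
through an unfiltered form bind, and the allow-list plus permission check
that prevents it. All types and permission names are constructed."""
from dataclasses import dataclass


@dataclass
class Article:
    id: int
    title: str
    text: str
    created_by: int          # author's user id; changing it is an ACL decision
    state: int = 1


@dataclass
class User:
    id: int
    permissions: frozenset = frozenset()


# Fields any user who may edit the article is allowed to set from the form.
EDITABLE_FIELDS = {"title", "text", "state"}
# Fields that need an explicit permission; the name is hypothetical.
PROTECTED_FIELDS = {"created_by": "change_author"}


def bind_vulnerable(article, form):
    """Vulnerable: every posted key that matches an attribute is written through,
    so a request that adds created_by=<id> silently reassigns authorship."""
    for key, value in form.items():
        if hasattr(article, key):
            setattr(article, key, value)
    return article


def bind_hardened(article, form, user):
    """Hardened: only allow-listed fields are bound; protected fields are bound
    only when the acting user holds the required permission. Rejected keys are
    returned so the caller can log them, since an unexpected protected field in
    a request is itself a signal worth recording."""
    rejected = []
    for key, value in form.items():
        if key in EDITABLE_FIELDS:
            setattr(article, key, value)
        elif key in PROTECTED_FIELDS and PROTECTED_FIELDS[key] in user.permissions:
            setattr(article, key, value)
        else:
            rejected.append(key)
    return article, rejected


def demo():
    """Run both binds against the same constructed request and report results."""
    # Constructed request: a normal editor (id 7) also posts created_by=99.
    form = {"title": "New title", "created_by": 99, "is_admin": True}
    editor = User(id=7)
    admin = User(id=1, permissions=frozenset({"change_author"}))

    a1 = bind_vulnerable(Article(1, "Old title", "body", created_by=7), form)
    a2, rejected = bind_hardened(Article(1, "Old title", "body", created_by=7), form, editor)
    a3, _ = bind_hardened(Article(1, "Old title", "body", created_by=7), form, admin)
    return a1.created_by, a2.created_by, rejected, a3.created_by


if __name__ == "__main__":
    vuln_author, hard_author, rejected, admin_author = demo()
    print("vulnerable bind, author became:", vuln_author)
    print("hardened bind, author stays  :", hard_author, "rejected keys:", rejected)
    print("hardened bind as admin       :", admin_author)
```

The design point is that the allow-list is the default and the permission check is the only way past it; a deny-list of known-sensitive field names would miss the next field added to the record.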
CVE-2017-7987
https://notcve.org/view.php?id=CVE-2017-7987
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component. • http://www.securityfocus.com/bid/98021 https://developer.joomla.org/security-centre/687-20170405-core-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •