CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15881
https://notcve.org/view.php?id=CVE-2018-15881
An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation. Se ha descubierto un problema en Joomla! en versiones anteriores a la 3.8.12. • http://www.securityfocus.com/bid/105161 http://www.securitytracker.com/id/1041913 https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-15882
https://notcve.org/view.php?id=CVE-2018-15882
An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter. Se ha descubierto un problema en Joomla! en versiones anteriores a la 3.8.12. • http://www.securityfocus.com/bid/105166 http://www.securitytracker.com/id/1041913 https://developer.joomla.org/security-centre/743-20180801-core-hardening-the-inputfilter-for-phar-stubs.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12712
https://notcve.org/view.php?id=CVE-2018-12712
An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion. Se ha descubierto un problema en Joomla! • http://www.securityfocus.com/bid/104566 http://www.securitytracker.com/id/1041245 https://developer.joomla.org/security-centre/741-20180601-core-local-file-inclusion-with-php-5-3 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2018-12711
https://notcve.org/view.php?id=CVE-2018-12711
An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL. Se ha descubierto un problema de Cross-Site Scripting (XSS) en el módulo language switcher en Joomla! • http://www.securityfocus.com/bid/104565 http://www.securitytracker.com/id/1041244 https://developer.joomla.org/security-centre/740-20180602-core-xss-vulnerability-in-language-switcher-module • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11325
https://notcve.org/view.php?id=CVE-2018-11325
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen. Se ha descubierto un problema en Joomla! Core en versiones anteriores a la 3.8.8. • http://www.securityfocus.com/bid/104278 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/732-20180504-core-installer-leaks-plain-text-password-to-local-user.html • CWE-209: Generation of Error Message Containing Sensitive Information •