CVE-2018-11323
https://notcve.org/view.php?id=CVE-2018-11323
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions. • http://www.securityfocus.com/bid/104276 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/729-20180501-core-acl-violation-in-access-levels.html • CWE-269: Improper Privilege Management
CVE-2018-11321
https://notcve.org/view.php?id=CVE-2018-11321
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. • http://www.securityfocus.com/bid/104271 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/734-20180506-core-filter-field-in-com-fields-allows-remote-code-execution.html • CWE-20: Improper Input Validation
CVE-2018-11324
https://notcve.org/view.php?id=CVE-2018-11324
An issue was discovered in Joomla! Core before 3.8.8. A long-running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated. • http://www.securityfocus.com/bid/104274 http://www.securitytracker.com/id/1040966 https://developer.joomla.org/security-centre/735-20180507-core-session-deletion-race-condition.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2018-8045
https://notcve.org/view.php?id=CVE-2018-8045
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view. • https://github.com/luckybool1020/CVE-2018-8045 http://www.securityfocus.com/bid/103402 http://www.securitytracker.com/id/1040540 https://developer.joomla.org/security-centre/723-20180301-core-sqli-vulnerability.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-6379
https://notcve.org/view.php?id=CVE-2018-6379
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability. • http://www.securityfocus.com/bid/102918 http://www.securitytracker.com/id/1040316 https://developer.joomla.org/security-centre/721-20180104-core-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')