CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17859
https://notcve.org/view.php?id=CVE-2018-17859
An issue was discovered in Joomla! before 3.8.13. Inadequate checks in com_contact could allow mail submission in disabled forms. Se ha descubierto un problema en Joomla! en versiones anteriores a la 03/08/2013. • http://www.securityfocus.com/bid/105559 http://www.securitytracker.com/id/1041914 https://developer.joomla.org/security-centre/751-20181001-core-hardening-com-contact-contact-form.html •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-17858
https://notcve.org/view.php?id=CVE-2018-17858
An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend. Se ha descubierto un problema en Joomla! en versiones anteriores a la 3.8.13. Las acciones com_installer no tienen un bastionado CSRF suficiente en el backend. • http://www.securityfocus.com/bid/105559 http://www.securitytracker.com/id/1041914 https://developer.joomla.org/security-centre/755-20181005-core-csrf-hardening-in-com-installer.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12712
https://notcve.org/view.php?id=CVE-2018-12712
An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion. Se ha descubierto un problema en Joomla! • http://www.securityfocus.com/bid/104566 http://www.securitytracker.com/id/1041245 https://developer.joomla.org/security-centre/741-20180601-core-local-file-inclusion-with-php-5-3 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 0CVE-2018-12711
https://notcve.org/view.php?id=CVE-2018-12711
An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL. Se ha descubierto un problema de Cross-Site Scripting (XSS) en el módulo language switcher en Joomla! • http://www.securityfocus.com/bid/104565 http://www.securitytracker.com/id/1041244 https://developer.joomla.org/security-centre/740-20180602-core-xss-vulnerability-in-language-switcher-module • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 119EXPL: 1CVE-2017-14596
https://notcve.org/view.php?id=CVE-2017-14596
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password. En Joomla! en versiones anteriores a la 3.8.0, un escape inadecuado en el plugin de autenticación LDAP puede resultar en una divulgación del nombre de usuario y la contraseña. • http://www.securityfocus.com/bid/100898 http://www.securitytracker.com/id/1039407 https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596 https://developer.joomla.org/security-centre/711-20170902-core-ldap-information-disclosure • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •