[20181005] – Core – CSRF hardening in com_installer

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 2.5.0 through 3.8.12 Exploit type: CSRF Reported Date: 2018-September-26 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17858 Description Added additional Continue Reading

[20181004] – Core – ACL Violation in com_users for the admin verification

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 1.5.0 through 3.8.12 Exploit type: ACL Violation Reported Date: 2017-December-27 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17855 Description In Continue Reading

[20181003] – Core – Access level Violation in com_tags

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.1.0 through 3.8.12 Exploit type: ACL Violation Reported Date: 2018-June-20 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17857 Description Inadequate Continue Reading

[20181002] – Core – Inadequate default access level for com_joomlaupdate

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 2.5.4 through 3.8.12 Exploit type: Object Injection Reported Date: 2018-June-21 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17856 Description Joomla’s Continue Reading

[20181001] – Core – Hardening com_contact contact form

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 2.5.0 through 3.8.12 Exploit type: Incorrect Access Control Reported Date: 2018-September-17 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17859 Description Continue Reading

Joomla 3.8.13 Release

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Joomla 3.8.13 is now available. This is a security release for the 3.x series of Joomla which addresses 5 security vulnerabilities. Joomla is available using 1 click Continue Reading

[20180803] – Core – ACL Violation in custom fields

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 3.7.0 through 3.8.11 Exploit type: ACL Violation Reported Date: 2018-July-10 Fixed Date: 2018-August-28 CVE Number: CVE-2018-15881 Description Inadequate Continue Reading

[20180801] – Core – Hardening the InputFilter for PHAR stubs

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 1.5.0 through 3.8.11 Exploit type: Malicious file upload Reported Date: 2018-August-23 Fixed Date: 2018-August-28 CVE Number: CVE-2018-15882 Description Continue Reading

Joomla 3.8.9 Release

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Joomla 3.8.9 is now available. This is a security release which addresses 2 security vulnerabilities and contains over 50 bug fixes and improvements. Joomla is available using Continue Reading

[20180602] – Core – XSS vulnerability in language switcher module

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 1.6.0 through 3.8.8 Exploit type: XSS Reported Date: 2018-May-07 Fixed Date: 2018-June-26 CVE Number: CVE-2018-12711 Description In some Continue Reading

[20180601] – Core – Local File Inclusion with PHP 5.3

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 2.5.0 through 3.8.8 Exploit type: LFI Reported Date: 2018-April-23 Fixed Date: 2018-June-26 CVE Number: CVE-2018-12712 Description Our autoload Continue Reading

On your marks, ready, set … Launch!

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! The Joomla Project and CloudAccess.net are equally excited to announce the launch of launch.joomla.org, the brand new platform to launch a free Joomla website and test upcoming Continue Reading

Joomla 3.8.8 Release

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Joomla 3.8.8 is now available. This is a security release which addresses 9 security vulnerabilities, contains over 50 bug fixes, and includes various security related improvements. Joomla Continue Reading

[20180509] – Core – XSS vulnerability in the media manager

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 1.5.0 through 3.8.7 Exploit type: XSS Reported Date: 2017-October-28 Fixed Date: 2018-May-22 CVE Number: CVE-2018-6378 Description Inadequate filtering Continue Reading

[20180507] – Core – Session deletion race condition

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Medium Severity: Low Versions: 3.0.0 through 3.8.7 Exploit type: Session race condition Reported Date: 2017-July-08 Fixed Date: 2018-May-22 CVE Number: CVE-2018-11324 Description Continue Reading

[20180506] – Core – Filter field in com_fields allows remote code execution

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.7.0 through 3.8.7 Exploit type: Remote Code Execution Reported Date: 2018-May-14 Fixed Date: 2018-May-22 CVE Number: CVE-2018-11321 Description Continue Reading

[20180505] – Core – XSS Vulnerabilities & additional hardening

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Moderate Versions: 3.0.0 through 3.8.7 Exploit type:XSS Reported Date:2018-February-02 & 2018-March-27 Fixed Date: 2018-May-22 CVE Number: CVE-2018-11326 Description Inadequate input Continue Reading

[20180504] – Core – Installer leaks plain text password to local user

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 3.0.0 through 3.8.7 Exploit type: Information Disclosure Reported Date: 2018-February-09 Fixed Date: 2018-May-22 CVE Number: CVE-2018-11325 Description The Continue Reading

[20180503] – Core – Information Disclosure about unpublished tags

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Low Severity: Moderate Versions: 3.1.0 through 3.8.7 Exploit type: Information Disclosure Reported Date: 2018-April-27 Fixed Date: 2018-May-22 CVE Number: CVE-2018-11327 Description Inadequate Continue Reading

[20180502] – Core – Add PHAR files to the upload blacklist

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 2.5.0 through 3.8.7 Exploit type: Malicious file upload Reported Date: 2018-March-14 Fixed Date: 2018-May-22 CVE Number: CVE-2018-11322 Description Continue Reading

[20180501] – Core – ACL violation in access levels

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 2.5.0 through 3.8.7 Exploit type: ACL violation Reported Date: 2018-March-08 Fixed Date: 2018-May-22 CVE Number: CVE-2018-11323 Description Inadequate Continue Reading

Joomla 3.9 and Joomla 3.10

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! As you most probably know, the General Data Protection Regulation (GDPR) will enter into force on 25 May, 2018.Joomla, listening to its users, intends to integrate a Continue Reading

[20180301] – Core – SQLi vulnerability User Notes

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 3.5.0 through 3.8.5 Exploit type: SQLi Reported Date: 2018-March-08 Fixed Date: 2018-March-12 CVE Number: CVE-2018-8045 Description The lack of type Continue Reading

[20180103] – Core – XSS vulnerability in Uri class

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 1.5.0 through 3.8.3 Exploit type: XSS Reported Date: 2017-November-17 Fixed Date: 2018-January-30 CVE Number: CVE-2018-6379 Description Inadequate input filtering in Continue Reading

[20180102] – Core – XSS vulnerability in com_fields

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.7.0 through 3.8.3 Exploit type: XSS Reported Date: 2018-January-20 Fixed Date: 2018-January-30 CVE Number: CVE-2018-6377 Description Inadequate input filtering in com_fields Continue Reading

[20180101] – Core – XSS vulnerability in module chromes

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.0.0 through 3.8.3 Exploit type: XSS Reported Date: 2018-January-21 Fixed Date: 2018-January-30 CVE Number: CVE-2018-6380 Description Lack of escaping in Continue Reading

Joomla’s Response to Overturning Net Neutrality in the United States

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! New York – December 15, 2017The FCC (Federal Communications Commission) vote on Thursday December 14, 2017 to repeal Net Neutrality, while unfortunately expected, is tremendously disappointing to Continue Reading

Joomla 4.0 Alpha 1 Released for Testing

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! The Joomla Project is pleased to announce the availability of Joomla 4.0 Alpha 1 for download. What’s new in Joomla 4.0 so far? Removal of deprecated functions Continue Reading

[20171103] – Core – Information Disclosure

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Severity: Low Versions: 3.7.0 through 3.8.1 Exploit type: Information Disclosure Reported Date: 2017-May-17 Fixed Date: 2017-November-07 CVE Number: CVE-2017-16633 Description A logic bug Continue Reading

[20171102] – Core – 2-factor-authentication bypass

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Severity: Medium Versions: 3.2.0 through 3.8.1 Exploit type:  Reported Date: 2017-October-31 Fixed Date: 2017-November-07 CVE Number: CVE-2017-16634 Description A bug allowed third parties to Continue Reading

[20171101] – Core – LDAP Information Disclosure

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Project: Joomla! SubProject: CMS Severity: Medium Versions: 1.5.0 through 3.8.1 Exploit type: Information Disclosure Reported Date: 2017-October-06 Fixed Date: 2017-November-07 CVE Number: CVE-2017-14596 Description Inadequate escaping in Continue Reading

Joomla! 3.8.2 Release

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers! Joomla! 3.8.2 is now available. This is a security release for the 3.x series of Joomla addressing three security vulnerabilities and fixing several bugs which were reported Continue Reading