David Jardin

**Name of the Vulnerable Software and Affected Versions** Joomla JCE Editor versions 1.0.0 through 2.9.99.4 **Description** Improper access control in the JCE editor extension for Joomla allows unauthenticated users to create new editor profiles. This flaw enables the upload and execution of PHP code, potentially leading to remote code execution (RCE) via the `/tmp/` directory. The issue is linked to an AJAX endpoint that lacks authentication, specifically involving the profile import task at the endpoint 'index.php?option=com jce&task=profiles.import'. Real-world exploitation has been observed across hundreds of sites, with attackers deploying web shells to establish persistent backdoors. **Recommendations** Update to version 2.9.99.5 or 2.9.99.6. As a cleanup process for potentially compromised sites, back up rogue profiles, delete attacker-created profiles, change all administrator, database, and hosting account passwords, and perform a full server-side malware scan. Monitor access logs for unauthenticated requests to the 'index.php?option=com jce&task=profiles.import' endpoint and audit for suspicious editor profiles.

**Name of the Vulnerable Software and Affected Versions** AcyMailing Enterprise component for Joomla (affected versions not specified) **Description** The issue allows unauthorized actors to obtain the number of subscribers in a specific list, exposing sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AcyMailing Enterprise component for Joomla (affected versions not specified) **Description** The issue is related to an Improper Access Control vulnerability in the AcyMailing Enterprise component for Joomla. It allows unauthorized removal of attachments from campaigns. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AcyMailing Enterprise component for Joomla (affected versions not specified) **Description** The issue is related to an Improper Access Control vulnerability in the AcyMailing Enterprise component for Joomla. This vulnerability allows unauthorized users to create new mailing lists. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AcyMailing Enterprise component for Joomla versions 6.7.0 through 8.6.3 **Description** The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting (XSS). This enables potential attackers to inject malicious scripts into web pages. **Recommendations** For versions 6.7.0 through 8.6.3, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.0.0 through 3.9.24 **Description** An issue was discovered where incorrect ACL checks could allow unauthorized change of the category for an article. **Recommendations** For Joomla! versions 3.0.0 through 3.9.24, update to a version that includes the fix for this issue to prevent unauthorized changes to article categories.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.3 **Description** An issue was discovered where the phar:// stream wrapper can be used for object injection attacks due to the lack of a protection mechanism. This allows the phar:// handler to be used for non .phar-files, potentially leading to exploitation. **Recommendations** For versions prior to 3.9.3, update to version 3.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the phar:// stream wrapper to minimize the risk of object injection attacks.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.8.13 **Description** An issue in com contact allows mail submission in disabled forms due to inadequate checks. **Recommendations** For versions prior to 3.8.13, update to version 3.8.13 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! Core versions prior to 3.8.8 **Description** The issue is related to inadequate filtering of file and folder names, which leads to various XSS attack vectors in the media manager. **Recommendations** For versions prior to 3.8.8, update to version 3.8.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! Core versions prior to 3.8.8 **Description** A lack of escaping the user-info component of the URI could result in an XSS issue under specific circumstances, such as when a redirect is issued with a URI containing a username and password, and the Location: header cannot be used. **Recommendations** For versions prior to 3.8.8, update to version 3.8.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! Core versions prior to 3.8.8 **Description** A race condition issue was discovered, related to long-running background processes such as remote checks for core or extension updates. This could lead to the recreation of a session that was expected to be destroyed. **Recommendations** For versions prior to 3.8.8, update to version 3.8.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.8.4 **Description** The issue is related to a lack of escaping in the module chromes, which leads to XSS vulnerabilities in the module system. **Recommendations** For versions prior to 3.8.4, update to version 3.8.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.2.0 through 3.6.5 **Description** The issue is related to inadequate escaping of file and folder names, which leads to XSS vulnerabilities in the template manager component. **Recommendations** For versions 3.2.0 through 3.6.5, update to version 3.7.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 1.6 through 1.7.3 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For Joomla! versions 1.6 through 1.7.3, update to version 1.7.4 or later to resolve the issue.