Lee Thao

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.0.0 through 3.9.25 **Description** An issue was discovered in Joomla where inadequate filters on module layout settings could lead to a Local File Inclusion (LFI). **Recommendations** For Joomla! versions 3.0.0 through 3.9.25, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 2.5.0 through 3.9.22 **Description** A missing token check in the `emailexport` feature of `com privacy` causes a CSRF issue. **Recommendations** For Joomla! versions 2.5.0 through 3.9.22, update to a version that includes the fix for the missing token check in the `emailexport` feature of `com privacy`. As a temporary workaround, consider disabling the `emailexport` feature of `com privacy` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 2.5.0 through 3.9.22 **Description** An issue was discovered in the folder parameter of mod random image, which lacked input validation, leading to a path traversal vulnerability. **Recommendations** For Joomla! versions 2.5.0 through 3.9.22, update to a version that includes the fix for the path traversal vulnerability in the mod random image module. As a temporary workaround, consider restricting access to the mod random image module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SharePoint Server (affected versions not specified) SharePoint Foundation (affected versions not specified) SharePoint Enterprise Server (affected versions not specified) **Description** The issue is related to the failure to protect the web page structure, which could allow a remote attacker to perform cross-site scripting attacks using a specially crafted request. An information disclosure vulnerability exists, enabling an attacker to read arbitrary files on the server by sending a specially crafted request to a susceptible SharePoint Server instance. **Recommendations** For SharePoint Server, consider restricting access to sensitive files and directories until a fix is available. For SharePoint Foundation, restrict access to vulnerable API endpoints, such as `/api/v1/files`, to minimize the risk of exploitation. For SharePoint Enterprise Server, as a temporary workaround, consider disabling the `fileReader` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.16 **Description** An issue was discovered in Joomla! where missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses. **Recommendations** For versions prior to 3.9.16, update to version 3.9.16 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.15 **Description** An issue was discovered in Joomla! where missing token checks in the batch actions of various components cause CSRF vulnerabilities. **Recommendations** For versions prior to 3.9.15, update to version 3.9.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the batch actions of various components to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.15 **Description** A missing CSRF token check in the LESS compiler of com templates causes a CSRF issue. This allows for potential exploitation. **Recommendations** For versions prior to 3.9.15, update to version 3.9.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the com templates component until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.14 **Description** A missing access check in framework files could lead to a path disclosure. **Recommendations** For versions prior to 3.9.14, update to version 3.9.14 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.13 **Description** A missing token check in the com template component causes a CSRF issue. **Recommendations** For versions prior to 3.9.13, update to version 3.9.13 or later to resolve the issue.