Phil Taylor

Name of the Vulnerable Software and Affected Versions Joomla! versions prior to v2.18.0 Description A lack of input validation in the autoupdate server mechanism allows for arbitrary file deletion. Attackers can bypass input validation by supplying crafted file paths, potentially leading to the deletion of arbitrary files on the web server filesystem with web server privileges. Approximately 125.5k+ instances are identified globally. Recommendations Update to version 2.18.0 or later.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 4.2.0 through 4.3.1 **Description** The issue is related to the lack of rate limiting, which allows brute force attacks against Multi-Factor Authentication (MFA) methods. MFA is a security process that requires a user to provide two or more authentication factors to access a system, application, or network. The absence of rate limiting enables attackers to attempt multiple login attempts without restriction, potentially leading to unauthorized access. **Recommendations** For Joomla! versions 4.2.0 through 4.3.1, consider implementing rate limiting on MFA methods to prevent brute force attacks until a patch is available. As a temporary workaround, restrict access to MFA-protected areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 4.0.0 through 4.1.0 **Description** An issue was discovered in Joomla! where under specific circumstances, `JInput` pollutes method-specific input bags with `$ REQUEST` data. **Recommendations** For Joomla! versions 4.0.0 through 4.1.0, consider updating to a version where this issue is resolved, as no specific fix is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 2.5.0 through 3.10.6 Joomla! versions 4.0.0 through 4.1.0 **Description** An issue was discovered where a user row was not bound to a specific authentication mechanism, which could under very special circumstances allow an account takeover. **Recommendations** For Joomla! versions 2.5.0 through 3.10.6, update to a version outside of this range to resolve the issue. For Joomla! versions 4.0.0 through 4.1.0, update to a version outside of this range to resolve the issue. As a temporary workaround, consider reviewing and restricting authentication mechanisms to minimize the risk of account takeover.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.0.0 through 3.9.26 **Description** A missing token check causes a CSRF issue in the "AJAX reordering endpoint". **Recommendations** For Joomla! versions 3.0.0 through 3.9.26, update to a version that includes the fix for the missing token check in the AJAX reordering endpoint. As a temporary workaround, consider restricting access to the AJAX reordering endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.0.0 through 3.9.26 **Description** A missing token check causes a CSRF issue in data download endpoints in `com banners` and `com sysinfo`. This allows for potential exploitation. **Recommendations** For Joomla! versions 3.0.0 through 3.9.26, consider disabling the data download endpoints in `com banners` and `com sysinfo` as a temporary workaround until a patch is available. Restrict access to these components to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.0.0 through 3.9.23 **Description** The issue is related to the lack of ACL checks in the "orderPosition endpoint" of com modules, which can leak names of unpublished and/or inaccessible modules. **Recommendations** For Joomla! versions 3.0.0 through 3.9.23, consider restricting access to the orderPosition endpoint of com modules to minimize the risk of exploitation. As a temporary workaround, restrict the use of the com modules component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.9.0 through 3.9.22 **Description** An issue was discovered that leads to a user enumeration attack vector in the backend login page due to improper handling of the `username`. **Recommendations** For Joomla! versions 3.9.0 through 3.9.22, update to a version that fixes the improper handling of the `username` to prevent user enumeration attacks.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 2.5.0 through 3.9.22 **Description** An issue was discovered where the autosuggestion feature of `com finder` did not respect the access level of the corresponding terms. **Recommendations** For Joomla! versions 2.5.0 through 3.9.22, consider disabling the autosuggestion feature of `com finder` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 2.5.0 through 3.9.22 **Description** An issue was discovered in the folder parameter of mod random image, which lacked input validation, leading to a path traversal vulnerability. **Recommendations** For Joomla! versions 2.5.0 through 3.9.22, update to a version that includes the fix for the path traversal vulnerability in the mod random image module. As a temporary workaround, consider restricting access to the mod random image module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.20 **Description** An issue was discovered that could expose Redis or proxy credentials due to inadequate filtering on the system information screen. **Recommendations** For versions prior to 3.9.20, update to version 3.9.20 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.9.19 and earlier **Description** An issue was discovered where internal read-only fields in the User table class could be modified by users. **Recommendations** For Joomla! versions 3.9.19 and earlier, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.20 **Description** An issue was discovered in Joomla! where lack of input filtering and escaping allows XSS attacks in mod random image. **Recommendations** For versions prior to 3.9.20, update to version 3.9.20 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.13 **Description** A missing access check in the phputf8 mapping files could lead to a path disclosure. **Recommendations** For versions prior to 3.9.13, update to version 3.9.13 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! Core versions prior to 3.8.8 **Description** An issue was discovered that allowed users to see the names of tags that were either unpublished or published with restricted view permission due to inadequate checks. **Recommendations** For versions prior to 3.8.8, update to version 3.8.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BackWPup plugin versions prior to 1.7.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `wpabs` parameter in the `wp xml export.php` file. **Recommendations** For versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue.