CVE-2019-14654

In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:joomla:joomla\!:3.9.7:-:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.9.7:rc:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:3.9.8:*:*:*:*:*:*:*

History

21 Nov 2024, 04:27

Type Values Removed Values Added
References () https://developer.joomla.org/security-centre/787-20190701-core-filter-attribute-in-subform-fields-allows-remote-code-execution.html - Vendor Advisory () https://developer.joomla.org/security-centre/787-20190701-core-filter-attribute-in-subform-fields-allows-remote-code-execution.html - Vendor Advisory

Information

Published : 2019-08-05 01:15

Updated : 2024-11-21 04:27


NVD link : CVE-2019-14654

Mitre link : CVE-2019-14654

CVE.ORG link : CVE-2019-14654


JSON object : View

Products Affected

joomla

  • joomla\!