Packagist (Composer) package
joomla/framework
pkg:composer/joomla/framework
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-17856 | Hig | 7.2 | >= 2.5.4, < 3.8.13 | 3.8.13 | Oct 9, 2018 | An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution. | |
| CVE-2008-4104 | — | >= 1.5.0, < 1.5.7 | 1.5.7 | Sep 18, 2008 | Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL. | ||
| CVE-2008-3227 | — | < 1.5.4 | 1.5.4 | Jul 18, 2008 | Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability. |
- affected >= 2.5.4, < 3.8.13fixed 3.8.13
An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution.
- CVE-2008-4104Sep 18, 2008affected >= 1.5.0, < 1.5.7fixed 1.5.7
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
- CVE-2008-3227Jul 18, 2008affected < 1.5.4fixed 1.5.4
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.