FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Joomla! -- Core - SQL Injection/ACL Violation vulnerabilities

Affected packages
3.2.0 <= joomla3 < 3.4.5

Details

VuXML ID 0ebc6e78-7ac6-11e5-b35a-002590263bf5
Discovery 2015-10-22
Entry 2015-10-25

The JSST and the Joomla! Security Center report:

[20151001] - Core - SQL Injection

Inadequate filtering of request data leads to a SQL Injection vulnerability.

[20151002] - Core - ACL Violations

Inadequate ACL checks in com_contenthistory provide potential read access to data which should be access restricted.

References

CVE Name CVE-2015-7297
CVE Name CVE-2015-7857
CVE Name CVE-2015-7858
CVE Name CVE-2015-7859
URL http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html
URL http://developer.joomla.org/security-centre/629-20151002-core-acl-violations.html
URL https://www.joomla.org/announcements/release-news/5634-joomla-3-4-5-released.html