Description

In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.

Remediation

References

CVE-2019-14654

Related Vulnerabilities

WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Cross-Site Request Forgery (2.8.6)

IBM WebSEAL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2019-4156)

WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Information Disclosure (2.1.3)

WordPress Plugin Authenticator Denial of Service (1.3.0)

Sqlite Divide By Zero Vulnerability (CVE-2019-16168)

Severity

High

Classification

CVE-2019-14654 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities