Description
In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.