Affected resources:
Joomla! versions: 1.5.0 to 3.8.11 (3.8.12 is the fixed release)
Description:
The Joomla! content management system (CMS) project has published a new security release that fixes several vulnerabilities in its core.
Solution:
If you run any of the versions listed above, we recommend updating to the latest version (3.8.12), which you can download from the official Joomla! website or install from the administration panel of the CMS. If an external provider maintains your site, pass this information on to them so they can apply the security update by following these steps:
First, access the administration console. Its URL is usually http://MYDOMAIN/"backend_alias" (by default "administrator").
Once logged in, you will see that the administration panel itself warns you, with a message, that a new version is available (3.8.12 in this case).
In the last step the installation process runs and, when it finishes, the message «Su sitio ha sido actualizado correctamente» ("Your site has been updated successfully") appears.
At that point your CMS has the latest update installed.
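Before and after the update it is worth confirming, from the file system rather than from the login page, which Joomla! version is actually installed and whether it falls in the affected range (1.5.0 up to, but not including, 3.8.12). The script below is an added example written for this advisory; it is not code from the page or from the Joomla! project. It assumes the version class lives in libraries/src/Version.php on 3.8 and later, in libraries/cms/version/version.php on 2.5 to 3.7, and in libraries/joomla/version.php on 1.5, and that those files declare RELEASE and DEV_LEVEL as shown in the constructed sample; the sample file content is constructed for the demonstration.

```python
"""Determine the installed Joomla! version and whether the 3.8.12 security release applies.

Added example for this advisory, not Joomla! project code. The file locations and the
RELEASE/DEV_LEVEL declarations it parses are assumptions about the Joomla! source layout.
"""
import re
import sys
from pathlib import Path

FIRST_AFFECTED = (1, 5, 0)   # lowest version in the advisory's affected range
FIXED_VERSION = (3, 8, 12)   # the release that carries the fixes; this and later are fine

# Candidate locations of the version class, newest layout first (assumption).
VERSION_FILES = (
    "libraries/src/Version.php",            # 3.8+
    "libraries/cms/version/version.php",    # 2.5 - 3.7
    "libraries/joomla/version.php",         # 1.5
)

# Accepts `const RELEASE = '3.8';`, `public $RELEASE = '2.5';` and `var $RELEASE = '1.5';`
_FIELD = r"(?:const\s+|(?:public|var)\s+\$)%s\s*=\s*['\"]([^'\"]+)['\"]"
RELEASE_RE = re.compile(_FIELD % "RELEASE")
DEV_LEVEL_RE = re.compile(_FIELD % "DEV_LEVEL")

# Constructed sample mimicking the version class of an unpatched 3.8.11 install.
SAMPLE_VERSION_PHP = """<?php
namespace Joomla\\CMS;
final class Version
{
    const PRODUCT = 'Joomla!';
    const RELEASE = '3.8';
    const DEV_STATUS = 'Stable';
    const DEV_LEVEL = '11';
}
"""


def parse_version(php_source: str) -> tuple:
    """Return (major, minor, patch) parsed from the PHP source of the version class."""
    release = RELEASE_RE.search(php_source)
    dev_level = DEV_LEVEL_RE.search(php_source)
    if not release or not dev_level:
        raise ValueError("RELEASE/DEV_LEVEL not found: not a Joomla! version file?")
    major, minor = (int(part) for part in release.group(1).split(".")[:2])
    # DEV_LEVEL may carry a suffix on development builds ('12-dev'); keep the leading digits.
    patch_digits = re.match(r"\d+", dev_level.group(1))
    if not patch_digits:
        raise ValueError("DEV_LEVEL is not numeric: %r" % dev_level.group(1))
    return major, minor, int(patch_digits.group())


def is_affected(version: tuple) -> bool:
    """True when the version is in [1.5.0, 3.8.12), i.e. needs this security update."""
    return FIRST_AFFECTED <= tuple(version) < FIXED_VERSION


def check_source(php_source: str) -> tuple:
    """Parse a version file's content and report (version, affected)."""
    version = parse_version(php_source)
    return version, is_affected(version)


def check_install(root: str) -> tuple:
    """Locate the version class under a Joomla! document root and report (version, affected)."""
    root_path = Path(root)
    for relative in VERSION_FILES:
        candidate = root_path / relative
        if candidate.is_file():
            return check_source(candidate.read_text(encoding="utf-8", errors="replace"))
    raise FileNotFoundError("no Joomla! version file found under %s" % root)


def describe(version: tuple, affected: bool) -> str:
    return "Joomla! %d.%d.%d: %s" % (
        version[0], version[1], version[2],
        "in the affected range, update to 3.8.12 or later" if affected else "not in the affected range",
    )


if __name__ == "__main__":
    # Usage: python check_joomla.py /var/www/mysite   (falls back to the constructed sample)
    if len(sys.argv) > 1:
        found, needs_update = check_install(sys.argv[1])
    else:
        found, needs_update = check_source(SAMPLE_VERSION_PHP)
    print(describe(found, needs_update))
```

Run it once before the update (expect "in the affected range") and once afterwards (expect 3.8.12 and "not in the affected range"); reading the file directly also catches the case where the backend's own version notice is hidden or cached by an extension.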
Important:
Before doing any of this on a production environment, it is advisable to try the update in a pre-production environment first, to check that everything works smoothly after installation.
Detail:
This update fixes the following vulnerabilities:
1- Hardening against CSRF (Cross-Site Request Forgery). In this kind of attack the victim's browser is tricked into performing unwanted actions in a web application in which the victim is already authenticated.
The hardening applies to the actions that the backend administration component «com_installer» executes.
2- A weakness in the user-activation flow that could allow an attacker with access to the e-mail account associated with a user account, including one with administrator permissions, to activate that account and log in.
3- A vulnerability in the tag search fields that did not properly respect access levels, which could expose content the user should not see. In Joomla!, access levels control who may view which content on the website.
4- An overly permissive default access control list (ACL) for the «com_joomlaupdate» component, which could allow administrator-level users of the website to execute code through it.
5- Inadequate checks in the «com_contact» component that could allow mail to be submitted through contact forms that had been disabled.
It is important to protect the content manager so that it does not remain vulnerable. Follow this checklist
to avoid attacks by cyber criminals; some of these attacks are explained as real cases:
- Is my website on a blacklist?
- The day my company attacked another one on the Internet without noticing.
- My website is impersonating a bank's website.
- My website is being attacked by jihadists.