5 Joomla Mistakes: CMS Developers allow Hackers to hack your site

Teacher

Joomla is playing catch-up with hackers, urgently fixing vulnerabilities.

Five vulnerabilities were discovered in the Joomla content management system that can be used to execute arbitrary code on vulnerable sites. The developers have already fixed these security issues, which affect several Joomla versions, in CMS releases 5.0.3 and 4.4.3.
  • CVE-2024-21722: The MFA management functions did not properly terminate existing user sessions when a user's multi-factor authentication (MFA) methods were changed.
  • CVE-2024-21723: Incorrect parsing of URLs can lead to an open redirect.
  • CVE-2024-21724: Incorrect input validation in media selection fields leads to Cross-Site Scripting (XSS) vulnerabilities in various extensions.
  • CVE-2024-21725: Incorrect escaping of email addresses leads to XSS vulnerabilities in various components. The probability of exploitation is rated high.
  • CVE-2024-21726: Incorrect content filtering in the filter code results in multiple XSS flaws. The probability of exploitation is rated moderate, but the flaw also opens the possibility of Remote Code Execution (RCE).
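As an added check that is not part of the original post or of the Joomla project: a small script that reads the version constants from a Joomla install's libraries/src/Version.php and reports whether the release already carries the fixes for these five CVEs (5.0.3 for the 5.x branch, 4.4.3 for 4.x). The file path and constant names are assumed from the Joomla 4/5 code layout; the embedded Version.php content is a constructed sample.

```python
"""Report whether a Joomla install is at or above the releases that fixed
CVE-2024-21722 .. CVE-2024-21726.  Added example; the Version.php constant
names (MAJOR_VERSION, MINOR_VERSION, PATCH_VERSION) are assumed from the
Joomla 4/5 source layout."""
import re

# First patched release per major branch, from the advisory summarised above.
FIXED = {4: (4, 4, 3), 5: (5, 0, 3)}

# Constructed sample of libraries/src/Version.php for an unpatched 4.4.2 site.
SAMPLE_VERSION_PHP = """<?php
final class Version
{
    public const MAJOR_VERSION = 4;
    public const MINOR_VERSION = 4;
    public const PATCH_VERSION = 2;
    public const EXTRA_VERSION = '';
}
"""


def parse_version(php_source: str) -> tuple:
    """Extract (major, minor, patch) from the Version class constants."""
    parts = []
    for name in ("MAJOR_VERSION", "MINOR_VERSION", "PATCH_VERSION"):
        match = re.search(rf"const\s+{name}\s*=\s*(\d+)\s*;", php_source)
        if not match:
            raise ValueError(f"{name} not found; not a Joomla 4/5 Version.php?")
        parts.append(int(match.group(1)))
    return tuple(parts)


def is_patched(version: tuple) -> bool:
    """True when the installed release includes the fixes for the five CVEs."""
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Branches newer than the fixed ones ship with the fix; older,
        # end-of-life branches (3.x and below) are reported as not patched.
        return version[0] > max(FIXED)
    return version >= fixed  # tuple comparison: major, then minor, then patch


def check_file(path: str) -> bool:
    """Run the check against a real Version.php on disk."""
    with open(path, encoding="utf-8") as handle:
        return is_patched(parse_version(handle.read()))


if __name__ == "__main__":
    ver = parse_version(SAMPLE_VERSION_PHP)
    state = "patched" if is_patched(ver) else "VULNERABLE, update"
    print(f"Joomla {'.'.join(map(str, ver))}: {state}")
```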

The Joomla advisory notes that the XSS vulnerability CVE-2024-21726 affects Joomla's core filter component and rates its probability of exploitation as moderate. According to Sonar, however, the flaw can be exploited to achieve remote code execution.

An attacker can exploit the vulnerability by tricking an administrator into clicking a malicious link. Although exploitation requires user interaction, an attacker can use various tricks to get the administrator's attention, or launch so-called "spray-and-pray" attacks in the hope that some users will click the malicious links.

Sonar is not disclosing technical details of the vulnerability for now, to give more Joomla administrators time to apply the available security updates. Sonar stresses the importance of acting immediately to reduce risk and strongly recommends that all Joomla users upgrade to the latest version.