joomla


Joomla! is one of the world's most popular content management systems (CMS). It enables users to build Web sites and powerful online applications. More than 3 percent of Web sites are running Joomla!, and it accounts for more than 9 percent of CMS market share. As of July 2017, Joomla! has been downloaded over 82 million times. Over 7,800 free and commercial extensions are available from the official Joomla! Extension Directory, and more are available from other sources. In my last blog, I discovered 2 Cross-Site Scripting (XSS) vulnerabilities...
by Zhouyuan Yang | Jul 12, 2017 | Filed in: Security Research
Joomla! is one of the world's most popular content management system (CMS) solutions. It enables users to build custom Web sites and powerful online applications. More than 3 percent of Web sites are running Joomla!, and it accounts for more than 9 percent of CMS market share. As of November 2016, Joomla! had been downloaded over 78 million times. Over 7,800 free and commercial extensions are also currently available from the official Joomla! Extension Directory, and more are available from other sources. This year, as a FortiGuard researcher...
by Zhouyuan Yang | May 04, 2017 | Filed in: Security Research
PHP is an open source, general-purpose scripting language used for web development that can also be embedded into HTML. It has over 9 million users, and is used by many popular tools, such as WordPress, Drupal, Joomla!, and so on. This week, a high-level security update was released to fix a remote code execution vulnerability (CVE-2016-10033) in PHPMailer, which is an open source PHP library for sending emails from PHP websites. This critical vulnerability is caused by class.phpmailer.php incorrectly processing user requests. As a result, remote...
by Zhouyuan Yang | Jan 05, 2017 | Filed in: Security Research
Joomla, a popular free and open-source content management system, just released version 3.6.4 that fixed two critical vulnerabilities: [CVE-2016-8870] - Core - Account Creation: attackers can exploit this vulnerability to create any account in a Joomla system regardless of whether its registration has been disabled. [CVE-2016-8869] - Core - Elevated Privileges: with the vulnerability above, an attacker not only can register an account in a vulnerable system, but also register with the highest privilege – Administrator. CVE-2016-8870...
by Tien Phan | Oct 27, 2016 | Filed in: Security Research
Cross-site scripting (XSS) vulnerabilities have become fairly commonplace in web applications and crop up frequently in content management systems like WordPress and Joomla! While WordPress is the most popular CMS on the Web, and therefore a popular and potentially lucrative target for hackers, it’s not the only one. Joomla! is the second most popular CMS on the market, running just under 3% of all websites. FortiGuard recently discovered a persistent XSS vulnerability for Joomla!’s top e-commerce extension, VirtueMart, that could allow...
by Alex Harvey | May 06, 2015 | Filed in: Industry Trends
Popular CMS software Joomla released a critical patch advisory earlier this month addressing a flaw in Joomla that allows an attacker the ability to inject malicious code into a Joomla-powered site. Once compromised, it's likely the site would be used as a drive-by-download location, potentially infecting both legitimate visitors to the site and to people falling prey to phishing emails. The patch affects Joomla 3.1.4 and earlier versions of Joomla 3.X, as well as Joomla 2.5.13 and earlier versions of Joomla 2.5.X. What's especially notable about...
by Richard Henderson | Aug 12, 2013 | Filed in: Industry Trends