Pierluigi Paganini February 22, 2024
The maintainers of the Joomla! Project released Joomla 5.0.3 and 4.4.3 versions that addressed the following vulnerabilities in the popular content management system (CMS):
The impact of these flaws can be widespread because roughly 2% of all websites use Joomla, millions of websites worldwide use this CMS.
“The widespread usage of Joomla and the fact that most deployments are publicly accessible makes it a valuable target for threat actors. Just recently, Joomla was targeted in an attack against different organizations via an improper access control vulnerability (CVE-2023-23752).” reported cybersecurity firm Sonarsource which discovered an issue that led to the XSS vulnerabilities in the popular Content Management System.
The researchers pointed out that an attacker can exploit these issues to gain remote code execution by tricking an administrator into clicking on a malicious link.
“While we won’t be disclosing technical details at this time, we want to emphasize the importance of prompt action to mitigate this risk. We strongly advise all Joomla users to update to the latest version. The first release known to address the vulnerability is Joomla version 5.0.3/4.4.3.” states Sonarsource which did not disclose technical details about the issues to avoid massive exploitation in the wild.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Joomla)