il folletto di casa - Security Announcements

Home
Folletti rigenerati

Experience the Future of Web Development

Our feature-rich platform is designed to empower you with the tools you need to create websites that stun, captivate, and engage.

Bootstrap 5 Integration

Seamlessly merge the power of Bootstrap 5 into your projects. Enjoy enhanced responsiveness and modern design, creating an optimal user experience across all devices.

Flexible Layout

Empower your creativity with GK Blank's flexible layout. Customize and arrange content effortlessly, ensuring every website is unique and tailored to your vision.

Megamenu

Elevate navigation with GK Blank's intuitive megamenu feature. Craft user-friendly menus that enable seamless exploration of your site's offerings.

New Theme Color

Immerse your audience in a new world of aesthetics. GK Blank introduces a captivating color scheme that breathes life into your website's design.

Font Management

Shape your website's personality with ease. GK Blank's font management tools allow you to choose, customize, and maintain consistent typography across your entire site.

Performance Optimized

Speed matters. GK Blank is meticulously optimized for exceptional performance, ensuring rapid loading times and a flawless browsing experience.
Ricambi
Accessori
Joomla layouts

Featured Articles
Category List
List All Categories
Blog Standard
Joomla! pages

Search
List all Tags
Privacy
Tags
User menu

Login
Registration Form
Password Reset
Username Reminder
Servizi
Contatti
Intevista

Security Announcements

[20250301] - Core - Malicious file uploads via Media Manager
- Project: Joomla!
- SubProject: CMS
- Impact: Critical
- Severity: Low
- Probability: Low
- Versions:4.0.0-4.4.11, 5.0.0-5.2.4
- Exploit type: Malicious file upload
- Reported Date: 2025-02-25
- Fixed Date: 2025-03-10
- CVE Number: CVE-2025-22213
Description

Inadequate checks in the Media Manager allowed users with "edit" privileges to create executable PHP files.

Affected Installs

Joomla! CMS versions 4.0.0-4.4.11, 5.0.0-5.2.4

Solution

Upgrade to version 4.4.12 or 5.2.5

Contact

The JSST at the Joomla! Security Centre.

Reported By: ErPaciocco
[20250103] - Core - Read ACL violation in multiple core views
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Moderate
- Probability: Low
- Versions:3.9.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2
- Exploit type: ACL Violation
- Reported Date: 2024-08-26
- Fixed Date: 2025-01-07
- CVE Number: CVE-2024-40749
Description

Improper Access Controls allows access to protected views.

Affected Installs

Joomla! CMS versions 3.9.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2

Solution

Upgrade to version 3.10.20-elts, 4.4.10 or 5.2.3

Contact

The JSST at the Joomla! Security Centre.

Reported By: Dominik Ziegelmüller
[20250201] - Core - SQL injection vulnerability in Scheduled Tasks component
- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Probability: Low
- Versions:4.1.0-4.4.10, 5.0.0-5.2.3
- Exploit type: SQL Injection
- Reported Date: 2024-12-10
- Fixed Date: 2025-02-18
- CVE Number: CVE-2025-22207
Description

Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of com_scheduler

Affected Installs

Joomla! CMS versions 4.1.0-4.4.10, 5.0.0-5.2.3

Solution

Upgrade to version 4.4.11 or 5.2.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Calum Hutton, snyk.io
[20250102] - Core - XSS vector in the id attribute of menu lists
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Moderate
- Probability: Low
- Versions:3.0.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2
- Exploit type: XSS
- Reported Date: 2024-09-19
- Fixed Date: 2025-01-07
- CVE Number: CVE-2024-40748
Description

Lack of output escaping in the id attribute of menu lists.

Affected Installs

Joomla! CMS versions 3.0.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2

Solution

Upgrade to version 3.10.20-elts, 4.4.10 or 5.2.3

Contact

The JSST at the Joomla! Security Centre.

Reported By: Lokesh Dachepalli
[20250101] - Core - XSS vectors in module chromes
- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Moderate
- Probability: Low
- Versions:4.0.0-4.4.9, 5.0.0-5.2.2
- Exploit type: XSS
- Reported Date: 2024-08-29
- Fixed Date: 2025-01-07
- CVE Number: CVE-2024-40747
Description

Various module chromes didn't properly process inputs, leading to XSS vectors.

Affected Installs

Joomla! CMS versions 4.0.0-4.4.9, 5.0.0-5.2.2

Solution

Upgrade to version 4.4.10 or 5.2.3

Contact

The JSST at the Joomla! Security Centre.

Reported By: Catalin Iovita