CVE-2019-14654

In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://developer.joomla.org/security-centre/787-20190701-core-filter-attribute-in-subform-fields-allows-remote-code-execution.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:joomla:joomla\!:3.9.7:-::::::
	cpe:2.3:a:joomla:joomla\!:3.9.7:rc::::::
	cpe:2.3:a:joomla:joomla\!:3.9.8:::::::*

History

No history.

Information

Published : 2019-08-05 01:15

Updated : 2023-12-10 12:59

NVD link : CVE-2019-14654

Mitre link : CVE-2019-14654

CVE.ORG link : CVE-2019-14654

JSON object : View

Products Affected

joomla

joomla\!

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-14654", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-08-05T01:15:10.657", "references": [{"url": "https://developer.joomla.org/security-centre/787-20190701-core-filter-attribute-in-subform-fields-allows-remote-code-execution.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9."}, {"lang": "es", "value": "cPanel anterior al versi\u00f3n 67.9999.103, permite que los archivos de registro del Servidor HTTP de Apache sean legibles en todo el mundo debido al manejo inapropiado de un cambio de nombre de cuenta (SEC-296)."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla\\!:3.9.7:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06D4F44E-C74E-4ED4-91AA-305FA35988D5"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.9.7:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2582B7EB-4EE5-40EE-8283-2EC2E176445B"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.9.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "883C5A8A-9049-481D-A649-9DB02A01D255"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}