Joomla! XSS turns users to admins

Affects versions up to 1.70

Multiple cross site scripting (XSS) vulnerabilities have been discovered in content management system Joomla!.

The attacks require user login and allow users to impersonate administrator functions.

Three vulnerabilities affect core components of Joomla! version 1.70 and below and were found by the Burma-based YEHG hacking group.

The vulnerabilities were patched in Joomla! version 1.71.

One XSS vulnerability, which uses the searchword parameter, was previously reported to Joomla! but was not “completely” fixed, the hacking group said.

More information is available on the websites of YEGH and Joomla!

Got a news tip for our journalists? Share it with us anonymously here.

Tags:

WA govt puts $8m towards ehealth record system planning

Uber rides take hit globally but food delivery business doubles

NSW reveals strategy for smart places and infrastructure

Trump issues orders for US ban on WeChat, TikTok

CSIRO maps 1.7m paddocks using AI

Joomla! XSS turns users to admins

Affects versions up to 1.70

Most Read Articles

Inside NEXTDC's new Sydney data centre, S2

'Natural radiation event' knocks NBN Sky Muster satellite offline

'Massive messaging storm' takes out Telstra's DNS infrastructure

Telstra sells Clayton data centre complex for $416m

Whitepapers from our sponsors

Events

Most popular tech stories

Inside NEXTDC's new Sydney data centre, S2

'Natural radiation event' knocks NBN Sky Muster satellite offline

'Massive messaging storm' takes out Telstra's DNS infrastructure

Telstra sells Clayton data centre complex for $416m

Travel giant CWT pays $6.3m ransom to cyber criminals

Behind the scenes at NextDC's S2 data centre

NTT Ltd. names Tania Balcombe as new ANZ chief

Dell hit with new layoffs, says cuts unrelated to COVID-19

JB Hi-Fi to temporarily shutter Victorian stores tomorrow

Meet the 2020 CRN Channel Chiefs!

How long will a UPS keep your computers on if the lights go out?

Ten ways to speed up your laptop

How do I make sure my email is properly synced between all my computers?

Business Continuity Management (BCM): Why You Must Refresh Your Strategy Now

How to recover deleted emails in Gmail

The 2020 IoT Festival is moving online in September

What is an 'intelligent' edge gateway?

NSW Government launches NSW Spatial Digital Twin

Meet the Australian electronics manufacturer that sidestepped the lockdown

Australian company sees market for COVID-19 contact tracing tool for businesses

Joomla! XSS turns users to admins

Affects versions up to 1.70

Most Read Articles

Inside NEXTDC's new Sydney data centre, S2

'Natural radiation event' knocks NBN Sky Muster satellite offline

'Massive messaging storm' takes out Telstra's DNS infrastructure

Telstra sells Clayton data centre complex for $416m

Whitepapers from our sponsors

Events

Most popular tech stories

Inside NEXTDC's new Sydney data centre, S2

'Natural radiation event' knocks NBN Sky Muster satellite offline

'Massive messaging storm' takes out Telstra's DNS infrastructure

Telstra sells Clayton data centre complex for $416m

Travel giant CWT pays $6.3m ransom to cyber criminals

Behind the scenes at NextDC's S2 data centre

NTT Ltd. names Tania Balcombe as new ANZ chief

Dell hit with new layoffs, says cuts unrelated to COVID-19

JB Hi-Fi to temporarily shutter Victorian stores tomorrow

Meet the 2020 CRN Channel Chiefs!

How long will a UPS keep your computers on if the lights go out?

Ten ways to speed up your laptop

How do I make sure my email is properly synced between all my computers?

Business Continuity Management (BCM): Why You Must Refresh Your Strategy Now

How to recover deleted emails in Gmail

The 2020 IoT Festival is moving online in September

What is an 'intelligent' edge gateway?

NSW Government launches NSW Spatial Digital Twin

Meet the Australian electronics manufacturer that sidestepped the lockdown

Australian company sees market for COVID-19 contact tracing tool for businesses

Log In