Joomla! 3.x < 3.9.4 Multiple Vulnerabilities
High Nessus Plugin ID 122814
SynopsisThe remote web server contains a PHP application that is affected by multiple vulnerabilities.
DescriptionAccording to its self-reported version number, the Joomla! installation running on the remote web server is prior to 3.9.4.
It is, therefore, affected by multiple vulnerabilities:
- A logic error exists in sample data plugins that allows remote attackers to gain unauthorized access to unspecified elements. (CVE-2019-9713)
- Multiple flaws exist in input-validation processes that allow an unauthenticated, remote attacker to carry out cross-site scripting (XSS) attacks. (CVE-2019-9711, CVE-2019-9712, CVE-2019-9714)
Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Joomla! version 3.9.4 or later.