Joomla 3.6.x < 3.9.7 Multiple Vulnerabilites

High Nessus Plugin ID 125923


A PHP application running on the remote web server is affected by multiple vulnerabilities.


According to its self-reported version, the instance of Joomla! running on the remote web server is 3.6.x prior to 3.9.7. It is, therefore, affected by the following vulnerabilities:
- Joomla versions 3.8.13 prior to 3.9.7 are affected by a vulnerability where a non-admin user may manipulate the update server URL of the com_joomlaupdate component. An authenticated, remote attacker could exploit this to cause an update to be pulled from a malicious server (CVE-2019-12764).

- Joomla versions 3.9.x prior to 3.9.7 are affected by a CSV injection vulnerability due to insufficient validation of user-supplied input. An unauthenticated, remote attacker may exploit this by submitting special characters to the com_actionlogs component. When the resulting CSV file produced by Joomla is opened by a spreadsheet program these special characters are interpretted as a formula (CVE-2019-12765).
- Joomla versions 3.6.x prior to 3.9.6 are affected by a cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session (CVE-2019-12766).

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Upgrade to Joomla! version 3.9.8 or later (Note: Joomla released security fixes for the above vulnerabilites in 3.9.7. However, this release introduced an additional bug so it is recommended to upgrade your installation to 3.9.8).

See Also

Plugin Details

Severity: High

ID: 125923

File Name: joomla_397.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 2019/06/14

Updated: 2019/10/18

Dependencies: 21142

Configuration: Enable paranoid mode

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2019-12765

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:joomla:joomla\!

Required KB Items: installed_sw/Joomla!, www/PHP, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/06/11

Vulnerability Publication Date: 2019/06/11

Reference Information

CVE: CVE-2019-12764, CVE-2019-12765, CVE-2019-12766

BID: 108729, 108735, 108736