Joomla! 3.6.x < 3.8.0 Multiple Vulnerabilities
Medium Web Application Scanning Plugin ID 98452
Synopsis
Joomla! 3.6.x < 3.8.0 Multiple Vulnerabilities
Description
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities:
- A flaw exists related to SQL query handling that allows disclosure of article introduction text when such articles are in the archived state. Note that only versions 3.7.0 through 3.7.5 are affected by this flaw. (CVE-2017-14595)
- An input-validation flaw exists in the LDAP authentication plugin that allows disclosure of usernames and passwords. Note that Joomla! must be configured for LDAP authentication to be affected. (CVE-2017-14596)
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update to Joomla! version 3.8.0 or the latest version.