[20190801] - Core - Hardening com_contact contact form

#JUGL meetings are held on the 3rd Tuesday of each month

NEXT MEETING:

[20190801] - Core - Hardening com_contact contact form

Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 1.6.2 - 3.9.10
Exploit type: Incorrect Access Control
Reported Date: 2019-April-09
Fixed Date: 2019-August-13
CVE Number: CVE-2019-XXXXX

Description

Inadequate checks in com_contact could allowed mail submission in disabled forms.

Affected Installs

Joomla! CMS versions 1.6.2 - 3.9.10

Solution

Upgrade to version 3.9.11

Contact

The JSST at the Joomla! Security Centre.

Reported By: Sergey Brester

Read more http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/H1jmq28mUAw/789-20190801-core-hardening-com-contact-contact-form.html

Launch a Full version of Joomla! for FREE (including hosting) Find out More