Joomla Security

by David Dwyer on 09/07/2015

Following up on our recent competency blog article about Joomla here is an example of what a competent Web Developer is signed up for to receive if they are managing Joomla websites.

Has your Joomla web developer been in touch to advise or have they dealt with or are they not even aware that the Security update has been released?

Joomla Security News

Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.2.0 through 3.4.1
Exploit type: CSRF Protection
Reported Date: 2015-April-06
Fixed Date: 2015-June-30
CVE Number: tbd

Description

Lack of CSRF checks potentially enabled uploading malicious code.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.4.1

Solution

Upgrade to version 3.4.2

Joomla Security News

Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.0.0 through 3.4.1
Exploit type: Open Redirect
Reported Date: 2015-June-01
Fixed Date: 2015-June-30
CVE Number: tbd

Description

Inadequate checking of the return value allowed to redirect to an extern page.

Affected Installs

Joomla! CMS versions 3.0.0 through 3.4.1

Solution

Upgrade to version 3.4.2

David Dwyer is Managing Director of Inspire Web Development. He has years of experience in a range of web and IT roles plus seven years in sales and marketing in a blue-chip FMCG company. David’s academic and professional qualifications include a BA (Hons) in Business Economics (Personnel & Ergonomics) from the University of Paisley, an MSc in Information Technology (Systems) from Heriot-Watt University and PRINCE2 Practitioner-level certification. He is also an active member of the British Computer Society, Entrepreneurial Exchange and Business for Scotland.

Follow Inspire on Twitter @inspireltd and @developersos

Blogging, Customer Relationship Management, Cyber Security, Cyber Security Vulnerabilities, Developer SOS, Joomla, Security, Server, Server Security, Software as a Service Application Development, Web Consultancy, Website Support

0 COMMENTS

Interested in working with us?
Leave a comment

Microsoft Hololens: the future of computing?

Local Search

Microsoft Hololens: the future of computing?

Local Search

We regularly send out tips and guidance notes. Join our Mailing List and get our "Better Site Playbook"

FREE 20 MINUTE WEBSITE CONSULT

Unlike many web design or marketing agencies, we do not run automated software and send you out a long technical Website Review Report on what you or indeed your last developer have missed.

We recognise that the web is evolving at a tremendous pace, one real month is equal to one web year, so what was delivered just a few years ago, may very well be looking tired and dated.

At the four BNI Groups we are members of, we are fully signed up to Givers Gain and offer referral clients 20 minutes of our consultancy time (at no charge).

We cover a range of areas such as "What is the objective of your website?"; "What is your business model?"; "Who is your audience?"; then we can cover User eXperience; Usability; Site Analytics; Search Engine Optimisation (On-Site).

We know the value of both your and our time but we also know that we're keen to build relationships and this approach is the first building block in establishing that mutual trust and respect.