Joomla! fixed High Priority SQL Injection Vulnerability


Joomla version 3.7.1 is now available. This is a security release for the 3.x series of Joomla! which addresses one critical security flaw and includes several bug fixes.

Joomla is a free and open-source content management system (CMS) for publishing web content. It is built on a model–view–controller web application framework that can be used independently of the CMS. The CMS administrators recommend that all users update their sites immediately.

What is in version 3.7.1?
This release includes security and bug fixes; no other changes have been made compared to the version 3.7.0 release.

Security Issues Fixed
High Priority – Core – SQL Injection (affecting Joomla 3.7.0) – CVE-2017-8917

Fixed Bugs
– Fixed attribute checks in the new calendar.
– Inject the JInput dependency into the session handler.
– Fix b/c break in JMenuItem.
– Fix article ordering in the backend.
– Fix milliseconds handling for PHP versions lower than 7.1.0.
– JFilterInput adding byte offsets to character offset.
– Redirection fails on multiple status values produced by old FOF2 Extensions.
– Remove empty locked cache file if callback function terminates process.

You can visit GitHub for the full list of bug fixes.

So far, no technical details about the SQL injection vulnerability have been published, but all Joomla users are strongly advised to update the CMS to the latest release, 3.7.1.


Eslam Medhat is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high-profile companies and vendors and was successfully acknowledged by them.
