In association with heise online

23 July 2009, 16:31

Security update for Joomla

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Joomla developers have announced the release of version 1.5.13 of their content management system (CMS). The security update addresses a critical vulnerability in the Tiny browser included with the TinyMCE 3.0 editor that could allow files to be uploaded or removed without a user needing to be logged in. Version 1.5.12 is affected. Additional details, however, have not been provided.

A moderate cross site scripting (XSS) issue has also been fixed that could cause some files to miss the JEXEC check, causing scripts to expose internal path information to the host. All 1.5.x versions up to and including 1.5.12 are affected. The 1.5.13 update addresses both of the issues.

In addition to fixing the security problems, the update includes 26 bug fixes. The developers advise all users to upgrade immediately.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit