漏洞类别:CGI
漏洞等级: 
漏洞信息
Joomla! is a free and open-source content management system written in PHP. It uses object oriented programming techniques and is built on a model-view-controller web application framework. It includes features such as page caching, RSS feeds, printable versions of pages, news flashes, blogs, polls, search, and support for language internationalization.
Joomla! contains the following vulnerabilities:
CVE-2017-7983: Mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
CVE-2017-7985: Inadequate filtering of multibyte characters leads to XSS vulnerabilites in various components.
CVE-2017-7986: Inadequate filtering of specific HTML attributes leads to XSS vulnerabilites in various components.
Affected Versions:
Joomla! 1.5.0 through 3.6.5
漏洞危害
Depending on the vulnerability being exploited, a remote attacker could conduct cross-site scripting attacks or gain access to sensitive information on a targeted system.
解决方案
Customers are advised to update to Joomla! 3.7.0 or later versions to fix this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论