WORTH KNOWING

Websites - no other medium offers such a broad spectrum of communication channels
Websites are quite simply an essential and integral part of modern communication ...
40%-55% of all internet users are online with mobile devices today.
The Internet is dynamic knowledge. The rule is: existence through information presence.
It does matter after all whether your company is represented on the Internet or not!
Websites are a readily available source of information for prospective customers at any time. Use
Joomla! - CMS for simple websites up to complex e-commerce or social marketing sites for M
Minimalism is more than leaving stuff out, in fact ... minimalism is a state of mind.
Getting information from the net is an ordinary everyday activity ... Stand rea

Joomla! Developer News

  1. Joomla! 6 Beta 3

    The Joomla! Project is pleased to announce the availability of the first Joomla 6.0 Beta 3 for testing.

  2. Joomla 5.4 Beta 3

    The Joomla! Project is pleased to announce the availability of the first Joomla 5.4 Beta 3 for testing.

  3. Joomla! 6 Beta 2

    The Joomla! Project is pleased to announce the availability of the first Joomla 6.0 Beta 2 for testing.

  4. Joomla 5.4 Beta 2

    The Joomla! Project is pleased to announce the availability of the first Joomla 5.4 Beta 2 for testing.

  5. Joomla! 6 Beta 1

    The Joomla! Project is pleased to announce the availability of the first Joomla 6.0 Beta 1 for testing.

Joomla! Security Announcements

  • [20250901] - Core - Inadequate content filtering within the checkAttribute filter code
    30 September 2025
    • Project: Joomla! / Joomla! Framework
    • SubProject: CMS / filter
    • Impact: Moderate
    • Severity: Moderate
    • Probability: Moderate
    • Versions: 3.0.0-3.10.20-elts, 4.0.0-4.4.13, 5.0.0-5.3.3
    • Exploit type: XSS
    • Reported Date: 2025-08-03
    • Fixed Date: 2025-09-30
    • CVE Number: CVE-2025-54476

    Description

    Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.

    Affected Installs

    Joomla! CMS versions 3.0.0-3.10.20-elts, 4.0.0-4.4.13, 5.0.0-5.3.3

    Solution

    Upgrade to version 4.4.14 or 5.3.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Flydragon, Poi, Cwy, Xtrimi
  • [20250902] - Core - User-Enumeration in passkey authentication method
    30 September 2025
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Probability: Low
    • Versions: 4.0.0-4.4.13, 5.0.0-5.3.3
    • Exploit type: User Enumeration
    • Reported Date: 2025-09-04
    • Fixed Date: 2025-09-30
    • CVE Number: CVE-2025-54477

    Description

    Improper handling of authentication requests leads to a user enumeration vector in the passkey authentication method.

    Affected Installs

    Joomla! CMS versions 4.0.0-4.4.13, 5.0.0-5.3.3

    Solution

    Upgrade to version 4.4.14 or 5.3.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Marco Schubert
  • [20250401] - Framework - SQL injection vulnerability in quoteNameStr method of Database package
    02 April 2025
    • Project: Joomla!
    • SubProject: Framework
    • Impact: High
    • Severity: Low
    • Probability: Low
    • Versions: 1.0.0-2.1.1, 3.0.0-3.3.1
    • Exploit type: SQL Injection
    • Reported Date: 2025-03-17
    • Fixed Date: 2025-04-02
    • CVE Number: CVE-2025-25226

    Description

    Improper handling of identifiers leads to a SQL injection vulnerability in the quoteNameStr method of the database package.

    Affected Installs

    Database Package version: 1.0.0-2.1.1, 3.0.0-3.3.1

    Please note: the affected method is a protected method. It has no usages in the original packages in either the 2.x or the 3.x branch, and therefore the vulnerability in question cannot be exploited when using the original database class. However, classes extending the affected class might be affected if the vulnerable method is used.

    Solution

    Upgrade to version 2.2.0 or 3.4.0

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Nicholas K. Dionysopoulos, akeeba.com
  • [20250402] - Core - MFA Authentication Bypass
    02 April 2025
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Moderate
    • Probability: Moderate
    • Versions: 4.0.0 - 4.4.12, 5.0.0 - 5.2.5
    • Exploit type: Authentication Bypass
    • Reported Date: 2025-03-20
    • Fixed Date: 2025-04-08
    • CVE Number: CVE-2025-25227

    Description

    Insufficient state checks lead to a vector that allows bypassing 2FA checks.

    Affected Installs

    Joomla! CMS versions: 4.0.0 - 4.4.12, 5.0.0 - 5.2.5

    Solution

    Upgrade to version 4.4.13 or 5.2.6

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Undisclosed Reporter