Joomla Security Announcements – Core – Information Disclosure

Joomla Security Announcements – Core – Information Disclosure
5 (100%) 4 votes
  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.7.0 through 3.8.1
  • Exploit type: Information Disclosure
  • Reported Date: 2017-May-17
  • Fixed Date: 2017-November-07
  • CVE Number: CVE-2017-16633

Description

A logic bug in com_fields exposed read-only information about a site’s custom fields to unauthorized users.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.8.1

Solution

Upgrade to version 3.8.2