Serious Vulnerability Ignored By Joomla Developers?

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Post Reply
MK1
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Thu Oct 12, 2017 8:21 am

Serious Vulnerability Ignored By Joomla Developers?

Post by MK1 » Thu Oct 28, 2021 8:54 pm

So guys I came across this interesting article by someone who clearly knows his stuff, what alarms me is the statement and claims he is making, but I have to admit it makes sense, 5 of my ownclients have been exposed to this attack and dealing with it is a nightmare. Why would Joomla developers ignore this?

https://onlinecommunityhub.nl/best-prac ... o-about-it

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 13975
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: Serious Vulnerability Ignored By Joomla Developers?

Post by toivo » Thu Oct 28, 2021 10:30 pm

The Modern routing and the option 'Remove IDs from URLs' have been available in Joomla 3.x from Articles: Options - Integration since Joomla 3.8 four years ago. In Joomla 4 there is only one router and Joomla 4 sets the option 'Remove IDs from URLs' by default.

Joomla developers have not ignored ths issue with IDs and fake URLs. In April it was discussed extensively in the Tracker thread [#32880] - [4] Modern routing, nonSEF & SEF urls alias manipulation and closed the same day.


Ref. https://docs.joomla.org/J3.x:New_Routing_System
Toivo Talikka, Global Moderator

User avatar
JAVesey
Joomla! Hero
Joomla! Hero
Posts: 2391
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: Serious Vulnerability Ignored By Joomla Developers?

Post by JAVesey » Sat Dec 04, 2021 10:42 am

1st post by what I suspect is a mischief-maker...

...suggest that the Moderators remove this thread.
John V
Cardiff, Wales, UK
Joomla 3.10.5 "live" and local (testing and backup) sites
Joomla 4.0.6 local site (testing!)
All on PHP8.0.14

gws
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4519
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK
Contact:

Re: Serious Vulnerability Ignored By Joomla Developers?

Post by gws » Sat Dec 04, 2021 3:24 pm

JAVesey wrote:
Sat Dec 04, 2021 10:42 am
1st post by what I suspect is a mischief-maker...

...suggest that the Moderators remove this thread.
+1


Post Reply

Return to “Security in Joomla! 3.x”