Should I worry about these?

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
User avatar
spikespiegel
Joomla! Explorer
Joomla! Explorer
Posts: 283
Joined: Sat Jan 22, 2011 4:34 am
Contact:

Should I worry about these?

Post by spikespiegel » Sun Feb 04, 2018 3:20 am

Got this mail from my hosting:

Hello,


InterServer has detected and patched software vulnerabilities in PHP scripts on your web hosting package. To prevent system abuse resulting from exploitation of these vulnerabilities, our system has automatically fixed these issues for you. This concerns the following vulnerabilities:

Code injection vulnerability in Joomla (The lack of type casting of a variable in SQL statement lead to a SQL injection vulnerability in the Hathor postinstall message.)
/home/WEBSITEPATH/public_html/administrator/templates/hathor/postinstall/hathormessage.php
Code injection vulnerability in Joomla (The lack of type casting of a variable in SQL statement lead to a SQL injection vulnerability in the Hathor postinstall message.)
/home/WEBSITEPATH/fotocash.WEBSITEPATH.com.br/administrator/templates/hathor/postinstall/hathormessage.php
Code injection vulnerability in Joomla (Inadequate input filtering in the Uri class (formerly JUri) leads to a XSS vulnerability.)
/home/WEBSITEPATH/public_html/libraries/src/Uri/Uri.php
Code injection vulnerability in Joomla (Inadequate input filtering in the Uri class (formerly JUri) leads to a XSS vulnerability.)
/home/WEBSITEPATH/fotocash.WEBSITEPATH.com.br/libraries/src/Uri/Uri.php
XSS vulnerability in Joomla (Inadequate input filtering in com_fields lead to a XSS vulnerability in multiple field types, i.e. list, radio and checkbox.)
/home/WEBSITEPATH/public_html/administrator/components/com_fields/libraries/fieldslistplugin.php
XSS vulnerability in Joomla (Inadequate input filtering in com_fields lead to a XSS vulnerability in multiple field types, i.e. list, radio and checkbox.)
/home/WEBSITEPATH/fotocash.WEBSITEPATH.com.br/administrator/components/com_fields/libraries/fieldslistplugin.php
XSS vulnerability in Joomla (Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.)
/home/WEBSITEPATH/public_html/templates/system/html/modules.php
XSS vulnerability in Joomla (Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.)
/home/WEBSITEPATH/fotocash.WEBSITEPATH.com.br/templates/system/html/modules.php
XSS vulnerability in Joomla (Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.)
/home/WEBSITEPATH/public_html/templates/protostar/html/modules.php
XSS vulnerability in Joomla (Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.)
/home/WEBSITEPATH/fotocash.WEBSITEPATH.com.br/templates/protostar/html/modules.php
Vulnerabilities such as these can allow third parties to access your web hosting package and abuse this through e.g. uploading malware for various purposes. We strongly recommend you check the entire web hosting package for other files that appear out of place, which our detection system might have missed.

For further information please see https://www.interserver.net/tips/kb/mal ... d-hosting/ or contact support@interserver.net


Regards,

InterServer, Inc

Is there anything to worry about?

All alerts are related to joomla Core files.

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 24984
Joined: Mon Oct 27, 2008 9:27 pm
Location: Akershus, Norway

Re: Should I worry about these?

Post by Per Yngve Berg » Sun Feb 04, 2018 8:25 am

Have you updated your Joomla to 3.8.4?

https://www.joomla.org/announcements/re ... lease.html

User avatar
spikespiegel
Joomla! Explorer
Joomla! Explorer
Posts: 283
Joined: Sat Jan 22, 2011 4:34 am
Contact:

Re: Should I worry about these?

Post by spikespiegel » Sun Feb 04, 2018 6:53 pm

No I haven't. I'll check it out.

User avatar
AMurray
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4047
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: Should I worry about these?

Post by AMurray » Thu Feb 08, 2018 9:40 pm

Make that v3.8.5 now, released this week, since Per Ygnve Berg's response above.
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.

User avatar
spikespiegel
Joomla! Explorer
Joomla! Explorer
Posts: 283
Joined: Sat Jan 22, 2011 4:34 am
Contact:

Re: Should I worry about these?

Post by spikespiegel » Thu Feb 08, 2018 10:59 pm

Done.


Post Reply

Return to “Security in Joomla! 3.x”