Joomla 4.2.6 contact form is prefilled with some dumb text

Discussion regarding Joomla! 4.x security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Post Reply
vinns9
Joomla! Apprentice
Joomla! Apprentice
Posts: 24
Joined: Tue May 31, 2022 10:11 am

Joomla 4.2.6 contact form is prefilled with some dumb text

Post by vinns9 » Tue Jan 24, 2023 11:20 am

hi guys ,

im a little new here on joomla . can someone help me out a little https://imgur.com/a/9By3Sxw

i don't see those data in the backend ...what am i missing...

thank you and cheers
Ervin

gws
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4963
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK
Contact:

Re: Joomla 4.2.6 contact form is prefilled with some dumb text

Post by gws » Tue Jan 24, 2023 11:30 am

Do other people see this or just you?

vinns9
Joomla! Apprentice
Joomla! Apprentice
Posts: 24
Joined: Tue May 31, 2022 10:11 am

Re: Joomla 4.2.6 contact form is prefilled with some dumb text

Post by vinns9 » Tue Jan 24, 2023 11:46 am

yes , every one that is accessing that contact form is seeing that .

does this mean that contact form has injected values to the database?

gws
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4963
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK
Contact:

Re: Joomla 4.2.6 contact form is prefilled with some dumb text

Post by gws » Tue Jan 24, 2023 12:33 pm

It does sound like you may have been hacked...

vinns9
Joomla! Apprentice
Joomla! Apprentice
Posts: 24
Joined: Tue May 31, 2022 10:11 am

Re: Joomla 4.2.6 contact form is prefilled with some dumb text

Post by vinns9 » Tue Jan 24, 2023 12:50 pm

is there any way i can check in the correct database table?
the contact form is made out of Visforms, but im not sure where in the DB are the values that are displayed there, stored. any help would be appreciated :)

cheers
E.

gws
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4963
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK
Contact:

Re: Joomla 4.2.6 contact form is prefilled with some dumb text

Post by gws » Tue Jan 24, 2023 1:08 pm

Sorry I thought it was joomla's contact form. I don't know Visforms so I cant guide you. I would ask the developers of Visiform first and if no joy then goto mysites.guru who will audit your site for hacks,the first audit is free.

vinns9
Joomla! Apprentice
Joomla! Apprentice
Posts: 24
Joined: Tue May 31, 2022 10:11 am

Re: Joomla 4.2.6 contact form is prefilled with some dumb text

Post by vinns9 » Wed Jan 25, 2023 1:07 pm

i had to restore from a clean backup. but im not sure how to protect my system from injecting into the contact form
the value that was used is : initial-value from the contact form(that would display with what you need to fill the field off) any suggestion on that? like a plugin or extension i can make use of?


Post Reply

Return to “Security in Joomla! 4.x”