Joomla 3.9.26 Vulnerability Type : Unpatched Joomla! server

Post by fc338339 » Sat Mar 18, 2023 1:34 am

Dear

Our Joomla version is 3.9.26. Due to our institution's server settings, we can only use PHP versions up to 5.6.

The image below shows the system information for our testing site.

Recently we received a scanning report and found a Vulnerability Type: "Unpatched Joomla! server"
Description of Vulnerability:
The use of unpatched version of Joomla! server may be susceptible to the risk posed by the following known vulnerabilities.

CVE-2021-26032, CVE-2021-26033, CVE-2021-26034, CVE-2021-26035, CVE-2021-26036, CVE-2021-26037, CVE-2021-26038, CVE-2021-26039

Suggested Actions:
It is recommended to upgrade the Joomla! server to the latest version to patch the vulnerabilities.

My Question:
Is there any Joomla 3.x version we can upgrade to (under PHP 5.6) to solve this vulnerability?

Thanks for your kind attention

Fion


Last edited by toivo on Sat Mar 18, 2023 2:48 am, edited 1 time in total.
Reason: mod note: retitled - please read the forum rules about appropriate subject line from https://forum.joomla.org/viewtopic.php?f=8&t=65

Post by toivo » Sat Mar 18, 2023 2:56 am

The minimum PHP version for Joomla 3.10.11 is PHP 5.3.10. Therefore you should be able to update the site to the latest Joomla 3.x version while still using PHP 5.6.

It is best to test the update first in an off-line development environment, for example using Wampserver on a Windows workstation. It is possible to install different versions of PHP in Wampserver as addons and switch between them while testing.

In the medium term, the institution should consider updating the web server so that it can run supported versions of PHP, starting with PHP 8.1.

Ref. Technical Requirements - Requirements for Joomla! 3.x
Toivo Talikka, Global Moderator
