News Feeds

Security Announcements

  1. [20180301] - Core - SQLi vulnerability User Notes
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.5.0 through 3.8.5
    • Exploit type: SQLi
    • Reported Date: 2018-March-08
    • Fixed Date: 2018-March-12
    • CVE Number: CVE-2018-8045

    Description

    The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the User Notes list view

    Affected Installs

    Joomla! CMS versions 3.5.0 through 3.8.5

    Solution

    Upgrade to version 3.8.6

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Entropy Moe
  2. [20180104] - Core - SQLi vulnerability in Hathor postinstall message
    • Project: Joomla!
    • SubProject: CMS
    • Impact: High
    • Severity: Low
    • Versions: 3.7.0 through 3.8.3
    • Exploit type: SQLi
    • Reported Date: 2017-November-17
    • Fixed Date: 2018-January-30
    • CVE Number: CVE-2018-6376

    Description

    The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.

    Affected Installs

    Joomla! CMS versions 3.7.0 through 3.8.3

    Solution

    Upgrade to version 3.8.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Karim Ouerghemmi, ripstech.com
  3. [20180103] - Core - XSS vulnerability in Uri class
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 1.5.0 through 3.8.3
    • Exploit type: XSS
    • Reported Date: 2017-November-17
    • Fixed Date: 2018-January-30
    • CVE Number: CVE-2018-6379

    Description

    Inadequate input filtering in the Uri class (formerly JUri) leads to a XSS vulnerability.

    Affected Installs

    Joomla! CMS versions 1.5.0 through 3.8.3

    Solution

    Upgrade to version 3.8.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Octavian Cinciu
  4. [20180102] - Core - XSS vulnerability in com_fields
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.7.0 through 3.8.3
    • Exploit type: XSS
    • Reported Date: 2018-January-20
    • Fixed Date: 2018-January-30
    • CVE Number: CVE-2018-6377

    Description

    Inadequate input filtering in com_fields leads to a XSS vulnerability in multiple field types, i.e. list, radio and checkbox.

    Affected Installs

    Joomla! CMS versions 3.7.0 through 3.8.3

    Solution

    Upgrade to version 3.8.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: Benjamin Trenkle, JSST
  5. [20180101] - Core - XSS vulnerability in module chromes
    • Project: Joomla!
    • SubProject: CMS
    • Impact: Moderate
    • Severity: Low
    • Versions: 3.0.0 through 3.8.3
    • Exploit type: XSS
    • Reported Date: 2018-January-21
    • Fixed Date: 2018-January-30
    • CVE Number: CVE-2018-6380

    Description

    Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.

    Affected Installs

    Joomla! CMS versions 3.0.0 through 3.8.3

    Solution

    Upgrade to version 3.8.4

    Contact

    The JSST at the Joomla! Security Centre.

    Reported By: David Jardin, JSST

Daily Specials

Mondays

Tuesdays

Reflection Effect

Reflection script is incorporated in template. If you want an image to have it, use class "reflect" for your images. You can also control reflection's height and opacity.

Learn more about it here.

HOT Start

Follow our instructions to make a copy of this demo site to your server.

HOT Start! is available with each template. It allows you to create a copy of this demo.

Free Extension

Together with this template, you will get our Hot Photo Gallery Plugin ($9.95 value). It allows you to include series of images directly into your content pages. This plugin automatically creates thumbnails from your images. All you need to do is to select a folder with your images.

See it in action on this page

top