The security team of Joomla has issued a new update that will close 5 Vulnerabilities!

Until the version of the Joomla 3.8.12, for example, hackers can Run damage code through the internal update area! Hackers can also register easily until you register with the 3.8.12 and obtain unlocking! What madness that Joomla remains one of the most unsafe CMS systems! The following CVEs were then classified as low, but only a few hours after publication, we were able to detect quite massive attacks on a customer web space with Joomla 3.8.12 that even led to a CPU-Durer load!

If you don't have a maintenance contract, you should urgently update you to date! Please also remember plugins and themes etc. With data!

If you want to separate from Joomla, we recommend that you
Prima-website builder

We are already converting various projects to the PWB, as it creates flawless pages that can no longer be hacked and where we don't have to carry out constant updates! Even large database projects, such as Europaladies.com, can be changed! If you have any questions, please get in touch with us!

Here are the CVE numbers and a short info on the Vulnerabilities:

CVE-2018-17859 Inadequate checks in com _ contact could allowed mail submission in disabled forms

CVE-2018-17856 Joomla's com _ joomlaupdate allows the execution of arbitrary code. The default ACL config enabled access of Administrator-level users to access com _ joomlaupdate and trigger a code execution.

CVE-2018-17857 Inadequate checks on the tags search fields can lead to an access level violation.

CVE-2018-17855 In case that an an attacker gets access to the mail account of an user who can approve admin verifications in the registration process he can activate himself.

CVE-2018-17858 Added additional CSRF hardening in com _ installer actions in the backend.