Joomla 5 Notice

We are pleased to announce that as of January 29, 2024, all of our Joomla extensions are compatible with Joomla 5.

For all who are still updateing from Joomla 3 to Joomla 4: Joomla 4 Migration instructions are available here:

There is now a separate Documentation for Visforms for Joomla 4 and for Visforms for Joomla 5!

Details: Published: 19 April 2023

Security Annoucement - SQL Injection

Project: Visforms für Joomla 3
Extension: com_visforms
Impact: Critical
Severity: High
Probability: Unkonwn
Versions: 3.8.0 - 3.14.10
Exploit type: SQL Injection
Reported Date: 2023-04-16
Fixed Date: 2023-04-19
CVE Number: CVE-2023-23753

Description

An improper use of input filter allows SQL-Injection.

Affected Installs

com_visforms versions 3.8.0 - 3.14.10.
Visforms Base Package 3.0.0 - 3.0.4 (Since version 3.14.6 com_visforms is part of the Visforms Base Package)

Solution

Upgrade to Visforms Base Package 3.0.5

Contact: This email address is being protected from spambots. You need JavaScript enabled to view it.

Reported By: David Álvarez Robles from AliSEC Soluciones S.L.