Add this rule to .htaccess to limit requests:
John immediately checked his sites and confirmed that one of his clients' sites was running Joomla 3.8.8. He quickly realized that the site was vulnerable to the exploit and could be compromised at any moment. joomla 3.8.8 exploit github
One of the most severe issues addressed was a vulnerability in the com_fields component. Inadequate filtering allowed authorized users to manipulate options and inject unvalidated input, potentially leading to RCE (CVE-2018-11321). Add this rule to
Inadequate filtering of file and folder names in the Media Manager allowed for multiple Cross-Site Scripting (XSS) attack vectors (CVE-2018-6378). The exploit was quickly picked up by malicious
While the researcher's intentions were good, the public disclosure of the exploit had unintended consequences. The exploit was quickly picked up by malicious actors, who used it to compromise vulnerable Joomla sites.
: Resolved an issue where the web installer would autofill and display the administrator's plaintext password during certain installation steps.
Several bugs allowed for the bypass of intended access restrictions, including unauthorized viewing of unpublished tags (CVE-2018-11327) and a race condition during session deletion. Finding Exploits and Tools on GitHub