[20151001] - Core - SQL Injection Inadequate filtering of request data leads to a SQL Injection vulnerability. Affected Installs: Joomla! CMS versions 3.2.0 through 3.4.4 Solution: Upgrade to version 3.4.5 Severity: High CVE Numbers: CVE-2015-7297, CVE-2015-7857, CVE-2015-7858 http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html In addition, two more security announcements with two more CVEs were issued (I'm not sure if these should be in the same bug, or separate bug reports): [20151003] - Core - ACL Violations Inadequate ACL checks in com_content provide potential read access to data which should be access restricted. Severity: Moderate CVE Number: CVE-2015-7899 http://developer.joomla.org/security-centre/630-20151003-core-acl-violations.html [20151002] - Core - ACL Violations Inadequate ACL checks in com_contenthistory provide potential read access to data which should be access restricted. Severity: Moderate CVE Number: CVE-2015-7859 http://developer.joomla.org/security-centre/629-20151002-core-acl-violations.html
Fixed by version bump in commit b278d0e2f3a50cf0e0b2b9760a3e149a8c85316b.
