@ 2020-01-04T00:07:26Z <?php
$html = '<ul class="newsfeed">
<li>
<span class="feed-link">
<a href="https://feeds.joomla.org/~r/JoomlaSecurityNews/~3/GIZJHbqr1wQ/797-20191202-core-various-sql-injections-through-configuration-parameters.html" target="_blank">
[20191202] - Core - Various SQL injections through configuration parameters</a></span>
<div class="feed-item-date">
16 December 2019 </div>
<div class="feed-item-description">
<ul>
<li><strong>Project:</strong> Joomla!</li>
<li><strong>SubProject:</strong> CMS</li>
<li><strong>Impact:</strong> <span class="label label-danger">High</span></li>
<li><strong>Severity:</strong> <span class="label label-info">Low</span></li>
<li><strong>Versions:</strong> 2.5.0 - 3.9.13</li>
<li><strong>Exploit type:</strong> SQL injection</li>
<li><strong>Reported Date:</strong> 2019-December-01</li>
<li><strong>Fixed Date:</strong> 2019-December-17</li>
<li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19846">CVE-2019-19846</a></li>
</ul>
<h3>Description</h3>
<p>The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.</p>
<h3>Affected Installs</h3>
<p>Joomla! CMS versions 2.5.0 - 3.9.13</p>
<h3>Solution</h3>
<p>Upgrade to version 3.9.14</p>
<h3>Contact</h3>
<p>The JSST at the <a title="Contact the JSST" href="https://developer.joomla.org/security-centre.html">Joomla! Security Centre</a>.</p>
<div class="alert alert-info"><strong>Reported By: </strong>ka1n4t</div><div class="feedflare">
<a href="https://feeds.joomla.org/~ff/JoomlaSecurityNews?a=GIZJHbqr1wQ:mKZamezlv3g:yIl2AUoC8zA"></a>
</div> </div>
</li>
<li>
<span class="feed-link">
<a href="https://feeds.joomla.org/~r/JoomlaSecurityNews/~3/_fWsZ57Sw7g/796-20191201-core-path-disclosure-in-framework-files.html" target="_blank">
[20191201] - Core - Path Disclosure in framework files</a></span>
<div class="feed-item-date">
16 December 2019 </div>
<div class="feed-item-description">
<ul>
<li><strong>Project:</strong> Joomla!</li>
<li><strong>SubProject:</strong> CMS</li>
<li><strong>Impact:</strong> Low</li>
<li><strong>Severity:</strong> <span class="label label-info">Low</span></li>
<li><strong>Versions:</strong> 3.8.0 - 3.9.13</li>
<li><strong>Exploit type:</strong> Path Disclosure</li>
<li><strong>Reported Date:</strong> 2019-November-22</li>
<li><strong>Fixed Date:</strong> 2019-December-17</li>
<li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19845">CVE-2019-19845</a></li>
</ul>
<h3>Description</h3>
<p>Missing access check in framework files could lead to a path disclosure.</p>
<h3>Affected Installs</h3>
<p>Joomla! CMS versions 3.8.0 - 3.9.13</p>
<h3>Solution</h3>
<p>Upgrade to version 3.9.14</p>
<h3>Contact</h3>
<p>The JSST at the <a title="Contact the JSST" href="https://developer.joomla.org/security-centre.html">Joomla! Security Centre</a>.</p>
<div class="alert alert-info"><strong>Reported By: </strong>Lee Thao, Viettel Cyber Security</div><div class="feedflare">
<a href="https://feeds.joomla.org/~ff/JoomlaSecurityNews?a=_fWsZ57Sw7g:uVTwWaDiNQ0:yIl2AUoC8zA"></a>
</div> </div>
</li>
<li>
<span class="feed-link">
<a href="https://feeds.joomla.org/~r/JoomlaSecurityNews/~3/Zi-lVuM4KoY/795-20191002-core-path-disclosure-in-phpuft8-mapping-files.html" target="_blank">
[20191002] - Core - Path Disclosure in phpuft8 mapping files</a></span>
<div class="feed-item-date">
05 November 2019 </div>
<div class="feed-item-description">
<ul>
<li><strong>Project:</strong> Joomla!</li>
<li><strong>SubProject:</strong> CMS</li>
<li><strong>Impact:</strong> Low</li>
<li><strong>Severity:</strong> <span class="label label-info">Low</span></li>
<li><strong>Versions:</strong> 3.6.0 - 3.9.12</li>
<li><strong>Exploit type:</strong> Path Disclosure</li>
<li><strong>Reported Date:</strong> 2019-November-01</li>
<li><strong>Fixed Date:</strong> 2019-November-05</li>
<li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18674">CVE-2019-18674</a></li>
</ul>
<h3>Description</h3>
<p>Missing access check in the phputf8 mapping files could lead to an path disclosure.</p>
<h3>Affected Installs</h3>
<p>Joomla! CMS versions 3.6.0 - 3.9.12</p>
<h3>Solution</h3>
<p>Upgrade to version 3.9.13</p>
<h3>Contact</h3>
<p>The JSST at the <a title="Contact the JSST" href="https://developer.joomla.org/security-centre.html">Joomla! Security Centre</a>.</p>
<div class="alert alert-info"><strong>Reported By: </strong>Phil Taylor</div><div class="feedflare">
<a href="https://feeds.joomla.org/~ff/JoomlaSecurityNews?a=Zi-lVuM4KoY:eFsJw4QiCW0:yIl2AUoC8zA"></a>
</div> </div>
</li>
</ul>';
$doc = new DOMDocument();
$doc->loadHTML($html);
$xpath = new DOMXPath($doc);
$feed_items = $xpath->query('//div[contains(@class, "feed-item-description")]');
foreach ($feed_items as $feed_item) {
$impact_node = $xpath->query('*/li[contains(string(), "Impact:")]', $feed_item);
$impact = preg_replace('/Impact:\W*/', '', $impact_node->item(0)->textContent);
echo "Impact: " . $impact . "\n";
$severity_node = $xpath->query('*/li[contains(string(), "Severity:")]', $feed_item);
$severity = preg_replace('/Severity:\W*/u', '', $severity_node->item(0)->textContent);
echo "Severity: " . $severity . "\n";
}
Enable javascript to submit You have javascript disabled. You will not be able to edit any code.
Output for 7.2.0 - 7.2.33 , 7.3.0 - 7.3.33 , 7.4.0 - 7.4.33 , 8.0.0 - 8.0.30 , 8.1.0 - 8.1.28 , 8.2.0 - 8.2.18 , 8.3.0 - 8.3.4 , 8.3.6 Impact: High
Severity: Low
Impact: Low
Severity: Low
Impact: Low
Severity: Low
Output for 8.3.5 Warning: PHP Startup: Unable to load dynamic library 'sodium.so' (tried: /usr/lib/php/8.3.5/modules/sodium.so (libsodium.so.23: cannot open shared object file: No such file or directory), /usr/lib/php/8.3.5/modules/sodium.so.so (/usr/lib/php/8.3.5/modules/sodium.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
Impact: High
Severity: Low
Impact: Low
Severity: Low
Impact: Low
Severity: Low
preferences:dark mode live preview
158.91 ms | 402 KiB | 176 Q