<?php
$html = '<ul class="newsfeed">
<li>
<span class="feed-link">
<a href="https://feeds.joomla.org/~r/JoomlaSecurityNews/~3/GIZJHbqr1wQ/797-20191202-core-various-sql-injections-through-configuration-parameters.html" target="_blank">
[20191202] - Core - Various SQL injections through configuration parameters</a></span>
<div class="feed-item-date">
16 December 2019 </div>
<div class="feed-item-description">
<ul>
<li><strong>Project:</strong> Joomla!</li>
<li><strong>SubProject:</strong> CMS</li>
<li><strong>Impact:</strong> <span class="label label-danger">High</span></li>
<li><strong>Severity:</strong> <span class="label label-info">Low</span></li>
<li><strong>Versions:</strong> 2.5.0 - 3.9.13</li>
<li><strong>Exploit type:</strong> SQL injection</li>
<li><strong>Reported Date:</strong> 2019-December-01</li>
<li><strong>Fixed Date:</strong> 2019-December-17</li>
<li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19846">CVE-2019-19846</a></li>
</ul>
<h3>Description</h3>
<p>The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.</p>
<h3>Affected Installs</h3>
<p>Joomla! CMS versions 2.5.0 - 3.9.13</p>
<h3>Solution</h3>
<p>Upgrade to version 3.9.14</p>
<h3>Contact</h3>
<p>The JSST at the <a title="Contact the JSST" href="https://developer.joomla.org/security-centre.html">Joomla! Security Centre</a>.</p>
<div class="alert alert-info"><strong>Reported By: </strong>ka1n4t</div><div class="feedflare">
<a href="https://feeds.joomla.org/~ff/JoomlaSecurityNews?a=GIZJHbqr1wQ:mKZamezlv3g:yIl2AUoC8zA"></a>
</div> </div>
</li>
<li>
<span class="feed-link">
<a href="https://feeds.joomla.org/~r/JoomlaSecurityNews/~3/_fWsZ57Sw7g/796-20191201-core-path-disclosure-in-framework-files.html" target="_blank">
[20191201] - Core - Path Disclosure in framework files</a></span>
<div class="feed-item-date">
16 December 2019 </div>
<div class="feed-item-description">
<ul>
<li><strong>Project:</strong> Joomla!</li>
<li><strong>SubProject:</strong> CMS</li>
<li><strong>Impact:</strong> Low</li>
<li><strong>Severity:</strong> <span class="label label-info">Low</span></li>
<li><strong>Versions:</strong> 3.8.0 - 3.9.13</li>
<li><strong>Exploit type:</strong> Path Disclosure</li>
<li><strong>Reported Date:</strong> 2019-November-22</li>
<li><strong>Fixed Date:</strong> 2019-December-17</li>
<li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19845">CVE-2019-19845</a></li>
</ul>
<h3>Description</h3>
<p>Missing access check in framework files could lead to a path disclosure.</p>
<h3>Affected Installs</h3>
<p>Joomla! CMS versions 3.8.0 - 3.9.13</p>
<h3>Solution</h3>
<p>Upgrade to version 3.9.14</p>
<h3>Contact</h3>
<p>The JSST at the <a title="Contact the JSST" href="https://developer.joomla.org/security-centre.html">Joomla! Security Centre</a>.</p>
<div class="alert alert-info"><strong>Reported By: </strong>Lee Thao, Viettel Cyber Security</div><div class="feedflare">
<a href="https://feeds.joomla.org/~ff/JoomlaSecurityNews?a=_fWsZ57Sw7g:uVTwWaDiNQ0:yIl2AUoC8zA"></a>
</div> </div>
</li>
<li>
<span class="feed-link">
<a href="https://feeds.joomla.org/~r/JoomlaSecurityNews/~3/Zi-lVuM4KoY/795-20191002-core-path-disclosure-in-phpuft8-mapping-files.html" target="_blank">
[20191002] - Core - Path Disclosure in phpuft8 mapping files</a></span>
<div class="feed-item-date">
05 November 2019 </div>
<div class="feed-item-description">
<ul>
<li><strong>Project:</strong> Joomla!</li>
<li><strong>SubProject:</strong> CMS</li>
<li><strong>Impact:</strong> Low</li>
<li><strong>Severity:</strong> <span class="label label-info">Low</span></li>
<li><strong>Versions:</strong> 3.6.0 - 3.9.12</li>
<li><strong>Exploit type:</strong> Path Disclosure</li>
<li><strong>Reported Date:</strong> 2019-November-01</li>
<li><strong>Fixed Date:</strong> 2019-November-05</li>
<li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18674">CVE-2019-18674</a></li>
</ul>
<h3>Description</h3>
<p>Missing access check in the phputf8 mapping files could lead to an path disclosure.</p>
<h3>Affected Installs</h3>
<p>Joomla! CMS versions 3.6.0 - 3.9.12</p>
<h3>Solution</h3>
<p>Upgrade to version 3.9.13</p>
<h3>Contact</h3>
<p>The JSST at the <a title="Contact the JSST" href="https://developer.joomla.org/security-centre.html">Joomla! Security Centre</a>.</p>
<div class="alert alert-info"><strong>Reported By: </strong>Phil Taylor</div><div class="feedflare">
<a href="https://feeds.joomla.org/~ff/JoomlaSecurityNews?a=Zi-lVuM4KoY:eFsJw4QiCW0:yIl2AUoC8zA"></a>
</div> </div>
</li>
</ul>';
$doc = new DOMDocument();
$doc->loadHTML($html);
$xpath = new DOMXPath($doc);
$feed_items = $xpath->query('//div[contains(@class, "feed-item-description")]');
foreach ($feed_items as $feed_item) {
$impact_node = $xpath->query('*/li[contains(string(), "Impact:")]', $feed_item);
echo "Impact: " . str_replace('Impact: ', '', $impact_node->item(0)->textContent);
echo "\n";
$severity_node = $xpath->query('*/li[contains(string(), "Severity:")]/span[contains(@class, "label-info")]', $feed_item);
echo "Severity: " . $severity_node->item(0)->textContent . "\n";
}
- Output for git.master, git.master_jit, rfc.property-hooks
- Impact: High
Severity: Low
Impact: Impact: Low
Severity: Low
Impact: Impact: Low
Severity: Low
This tab shows result from various feature-branches currently under review by the php developers. Contact me to have additional branches featured.
Active branches
Archived branches
Once feature-branches are merged or declined, they are no longer available. Their functionality (when merged) can be viewed from the main output page
preferences:
62.67 ms | 401 KiB | 8 Q