Fortinet Discovers Joomla Proclaim Extension Cross-Site Request Forgery Vulnerability
Fortinet's FortiGuard Labs had discovered a Cross-Site Request Forgery (CSRF) vulnerability in Joomla Proclaim (formerly known as Joomla Bible Study) Extension.
Proclaim is a Joomla system of a component, modules, and plugins designed to help church put study or sermon notes online and connect to a multitude of media content.
A CSRF vulnerability had been discovered in Proclaim since version 9.0. The vulnerability is caused due to less protection in the media file upload process. It allows remote privileged attackers to launch CSRF attack against Proclaim users.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Apr 19, 2018
Upgrade to Proclaim v9.1.5 or higher version.
Fortinet reported the vulnerability to Proclaim development team on April 17, 2018.
Proclaim development team confirmed the vulnerability on April 18, 2018.
Proclaim development team patched the vulnerability on August 21, 2018.