logo
 
  1. Webseiten erstellen >
  2. Joomla

Was ist Joomla?

Joomla dient in erster Linie der Erstellung von Webseiten mit veränderlichen, d. h. dynamischen Inhalten, die von mehreren Personen ohne vertiefte Kenntnisse über Webseitenerstellung editiert werden können. Dabei wird innerhalb von Joomla zwischen drei Ebenen streng unterschieden: der funktionellen Struktur, den eigentlichen Seiteninhalten und dem Layout.

Die Einrichtung der funktionellen Struktur, häufig mit dem englischen Begriff management bezeichnet, ist aufwändig und setzt profunde Kenntnisse voraus. Sie liegt daher häufig in den Händen einer entsprechend ausgebildeten Einzelperson, die als Administrator bezeichnet wird. Dieser muss Joomla auf einem Webserver installieren, üblicherweise einem Apache-Webserver, außerdem wird ein MySQL-Datenbank-Server benötigt.

Joomla Webseitenerstellung

Wir bieten Joomla Dienstleistungen an für 30,- Euro.

Joomla Webseite erstellen. Webseitenerstellung Kosten zwischen 500- Euro und 900,- Euro inkl. Schulung über die Grundlagen der Bedienung.

Nehmen Sie Kontakt mit uns über Telefon 0441-2333305 (Mo. - Fr. 9 Uhr - 17 Uhr) in Oldenburg auf, oder per Email an info@php-consulting.com (24/7).

Joomla News

Joomla! 3.7.2 Release

Joomla 3.7.2

Joomla! 3.7.2 is now available. This is a bug fix release for the 3.x series of Joomla. This release fixes some bugs in file mime checks, module page filtering as well as some other bugs and several other minor improvements.

This release only contains bug fixes that were inadvertently introduced in recent version and is focused on stabilising the 3.7 series by rectifying them.

Datum: 23.05.2017 | 10:00

Joomla! 3.7.1 Release

Joomla 3.7.1

Joomla! 3.7.1 is now available. This is a security release for the 3.x series of Joomla! which addresses one critical security vulnerability and several bug fixes. We strongly recommend that you update your sites immediately.

Datum: 17.05.2017 | 14:00

Joomla! 3.7.1 - Important Security Announcement - Patch Available Soon

A Joomla! 3.7.1 release containing a security fix will be published on Wednesday 17th May at approximately 14:00 UTC.

The Joomla! Security Strike Team (JSST) has been informed of a critical security issue in the Joomla! core.

Since this is a very important security fix, please be prepared to update your Joomla! installations next Wednesday.

Until the release is out, please understand that we cannot provide any further information.

Please note: the upcoming release candidates of 3.7.1 this afternoon will not include the security fix.

Datum: 12.05.2017 | 13:20

Joomla! 3.7 is HERE

Joomla 37

The Joomla! Project is proud to announce the release of Joomla! 3.7, the latest in the ‘Joomla! 3’ series. This new release features over 700 improvements to the popular CMS, including many features which make administration of Joomla! Web sites easier and more feature-rich, as well as several security updates.

Datum: 25.04.2017 | 08:00

Joomla’s Homepage Gets A Fresh Look

joomla homepage redesign

We are pleased to announce the launch of the brand new design of the joomla.org homepage! And it’s not only about a new design, the content has been refreshed to make it easy to discover the Joomla! World and more easily find the information you may need.

Datum: 19.03.2017 | 08:00

The next version of Joomla! is just around the corner

Joomla 3.7 is coming soon

With over 700 improvements, including fantastic new features like custom fields, a multilingual association manager and an improved workflow, Joomla! 3.7 is clearly something to celebrate and it is easy to see why it has the Joomla! Community very excited.

Datum: 8.03.2017 | 08:00

Joomla! 3.6.5 Released

Joomla 3.6.5

Joomla! 3.6.5 is now available. This is a security release for the 3.x series of Joomla! which addresses three security vulnerabilities, miscellaneous security hardening and three bug fixes; no further changes have been made compared to the Joomla! 3.6.4 release. We strongly recommend that you update your sites.

Joomla Security Release

What's in 3.6.5

Version 3.6.5 is released to address three security issues, miscellaneous security hardening and three bugs.

Security Issues Fixed

Bug Fixes

  • [#12817] Fix Joomla Updater for Windows Users
  • [#12984] Fix installation language for sr-YU
  • [#12589] and [#13127] Fix default values for user creation on installation

Please see the documentation wiki for FAQ’s regarding the 3.6.5 release.

Datum: 13.12.2016 | 23:00

Road to Joomla! 3.7

Road to Joomla! 3.7

Over the last weeks we have sent mixed messages about Joomla! 3.7 and what will be included in the final version. Without having an alpha/beta version published this is always complicated but with this post we are trying to clear the air.

 

Datum: 18.11.2016 | 14:06

Joomla Security

[20170501] - Core - SQL Injection

  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 3.7.0
  • Exploit type: SQL Injection
  • Reported Date: 2017-May-11
  • Fixed Date: 2017-May-17
  • CVE Number: CVE-2017-8917

Description

Inadequate filtering of request data leads to a SQL Injection vulnerability.

Affected Installs

Joomla! CMS versions 3.7.0

Solution

Upgrade to version 3.7.1

Contact

The JSST at the Joomla! Security Centre.

Reported By: Marc-Alexandre Montpas / sucuri.net

Datum: 17.05.2017 | 14:00

[20170408] - Core - Information Disclosure

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.4.0 through 3.6.5
  • Exploit type: Information Disclosure
  • Reported Date: 2016-Feb-06
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-8057

Description

Multiple files caused full path disclosures on systems with enabled error reporting.

Affected Installs

Joomla! CMS versions 3.4.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Sim of tencent security

Datum: 25.04.2017 | 15:30

[20170407] - Core - ACL Violations

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.6.5
  • Exploit type: ACL Violation
  • Reported Date: 2017-March-01
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7989

Description

Inadequate mime type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Abdullah Hussam

Datum: 25.04.2017 | 15:30

[20170406] - Core - ACL Violations

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.6.0 through 3.6.5
  • Exploit type: ACL Violation
  • Reported Date: 2016-April-29
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7988

Description

Inadequate filtering of form contents lead allow to overwrite the author of an article.

Affected Installs

Joomla! CMS versions 1.6.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: T-Systems Multimedia Solutions

Datum: 25.04.2017 | 15:30

[20170405] - Core - XSS Vulnerability

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.6.5
  • Exploit type: XSS
  • Reported Date: 2016-February-28
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7987

Description

Inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: David Jardin

Datum: 25.04.2017 | 15:30

[20170404] - Core - XSS Vulnerability

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.5.0 through 3.6.5
  • Exploit type: XSS
  • Reported Date: 2017-February-22
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7986

Description

Inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Fortinet's FortiGuard Labs

Datum: 25.04.2017 | 15:30

[20170403] - Core - XSS Vulnerability

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.5.0 through 3.6.5
  • Exploit type: XSS
  • Reported Date: 2017-March-21
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7985

Description

Inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Fortinet's FortiGuard Labs

Datum: 25.04.2017 | 15:30

[20170402] - Core - XSS Vulnerability

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 3.2.0 through 3.6.5
  • Exploit type: XSS
  • Reported Date: 2016-December-23
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7984

Description

Inadequate filtering leads to XSS in the template manager component.

Affected Installs

Joomla! CMS versions 3.2.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Chen Ruiqi, Codesafe team

Datum: 25.04.2017 | 15:30

[20170401] - Core - Information Disclosure

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.5.0 through 3.6.5
  • Exploit type: Information Disclosure
  • Reported Date: 2017-Jan-02
  • Fixed Date: 2017-April-25
  • CVE Number: CVE-2017-7983

Description

Mail sent using the JMail API leaked the used PHPMailer version in the mail headers.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.6.5

Solution

Upgrade to version 3.7.0

Contact

The JSST at the Joomla! Security Centre.

Reported By: Conor McKnight

Datum: 25.04.2017 | 15:30

[20161205] - PHPMailer Security Advisory

  • Project: Joomla!
  • Severity: High
  • Versions: 1.5.0 through 3.6.5
  • Exploit type: Remote Code Execution in third-party PHPMailer library
  • CVE Numbers: CVE-2016-10033 and CVE-2016-10045
Note: This advisory was revised to reflect the addition of CVE-2016-10045 and the PHPMailer 5.2.20 release

Description

All versions of the third-party PHPMailer library distributed with Joomla! versions up to 3.6.5 are vulnerable to a remote code execution vulnerability. This is patched in PHPMailer 5.2.20 which will be included with Joomla! 3.7. After analysis, the JSST has determined that through correct use of the JMail class, there are additional validations in place which make executing this vulnerability impractical within the Joomla environment. As well, the vulnerability requires being able to pass user input to a message's "from" address; all places in the core Joomla API which send mail use the sender address set in the global configuration and does not allow for user input to be set elsewhere. However, extensions which bundle a separate version of PHPMailer or do not use the Joomla API to send email may be vulnerable to this issue.

Generally, the Joomla project does not issue advisories regarding third party libraries, however given the severity of this issue we felt it important to advise our users that we are aware of this issue and we have determined that the additional validations in our API prevent triggering this vulnerability.

Affected Installs

Joomla! CMS versions 1.5.0 through 3.6.5

Solution

No action required for Joomla users, the updated library will be included in the next scheduled release and additional mechanisms exist in Joomla core to prevent triggering the vulnerability. Users of the PHPMailer library separate from Joomla are advised to upgrade to 5.2.20 or newer ASAP.

Additional Resources

Contact

The JSST at the Joomla! Security Centre.

Reported By: Dawid Golunski

Datum: 27.12.2016 | 02:00