WEB APPLICATION VULNERABILITIES Standard & Premium

Joomla! 1.6/1.7/2.5 privilege escalation vulnerability

Description

Joomla! 1.6.x/1.7.x/2.5.0-2.5.2 suffers from a privilege escalation vulnerability that allows users to be registered into any group not having 'core.admin' privileges.

Remediation

Joomla! versions 1.0.x, 1.5.x, and 2.5.3+ are not vulnerable. No patch has been issued for 1.6.x or 1.7.x and users of these versions are strongly urged to upgrade to 2.5.3 immediately.

References

Joomla! 1.6/1.7/2.5 Privilege Escalation Vulnerability

Related Vulnerabilities

WordPress Plugin Premmerce Variation Swatches for WooCommerce Security Bypass (1.0)

WordPress Plugin Wordpress Poll SQL Injection (36)

WordPress Plugin Download Monitor SQL Injection (4.4.4)

WordPress Plugin LeagueManager Multiple SQL Injection Vulnerabilities (3.9.1.1)

WordPress Plugin Quttera Web Malware Scanner Security Bypass (3.0.8.65)

Severity

High

Classification

CVE-2012-1563 CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Privilege Escalation SQL Injection