Description

Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently reset users password due to insufficient randomness. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.24 are vulnerable.

Remediation

Update to Joomla! Core version 1.5.25 or latest

References

https://developer.joomla.org/security-centre/375-20111103-core-password-change.html

Related Vulnerabilities

WordPress Plugin OSM-OpenStreetMap SQL Injection (6.0.2)

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Unspecified Vulnerability (2.1.3)

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Cross-Site Scripting (2.3.6)

Oracle JRE CVE-2012-1719 Vulnerability (CVE-2012-1719)

WordPress Plugin IGIT Related Posts With Thumb Image After Posts TimThumb Arbitrary File Upload (3.9.7)

Severity

High

Classification

CVE-2011-4321 CWE-310 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass