Description

Joomla! Core is prone to a race condition, where a session which was expected to be destroyed would be recreated. Attackers can exploit this issue to perform unauthorized actions. Joomla! Core versions 3.x.x ranging from 3.0.0 and up to and including 3.8.7 are vulnerable.

Remediation

Update to Joomla! Core version 3.8.8 or latest

References

https://developer.joomla.org/security-centre/735-20180507-core-session-deletion-race-condition.html

Related Vulnerabilities

WordPress Plugin Relevant-Related Posts by BestWebSoft Cross-Site Scripting (1.0.7)

WordPress Plugin Booking Calendar-Appointment Booking-BookIt Unspecified Vulnerability (2.3.8)

PHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-2665)

Squid Out-of-bounds Read Vulnerability (CVE-2022-41318)

Drupal Improper Removal of Sensitive Information Before Storage or Transfer Vulnerability (CVE-2022-31043)

Severity

High

Classification

CVE-2018-11324 CWE-362 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update