Description

Joomla! Core is prone to a race condition, where a session which was expected to be destroyed would be recreated. Attackers can exploit this issue to perform unauthorized actions. Joomla! Core versions 3.x.x ranging from 3.0.0 and up to and including 3.8.7 are vulnerable.

Remediation

Update to Joomla! Core version 3.8.8 or latest

References

https://developer.joomla.org/security-centre/735-20180507-core-session-deletion-race-condition.html

Related Vulnerabilities

ProjectSend Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0607)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.67)

WordPress Plugin Async JavaScript Cross-Site Scripting (2.20.12.09)

WordPress Plugin WP Reroute Email SQL Injection (1.4.6)

WordPress Plugin Conditional Marketing Mailer for WooCommerce Cross-Site Request Forgery (1.5.2)

Severity

High

Classification

CVE-2018-11324 CWE-362 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update