WEB APPLICATION VULNERABILITIES Standard & Premium

Joomla! Core Security Bypass

Description

Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently gain control over the CMS installer. Joomla! Core versions ranging from 1.0.0 and up to and including 3.7.3 are vulnerable.

Remediation

Upgrade to version 3.7.4 or higher.

References

Joomla! Security Announcement 20170704

Related Vulnerabilities

WordPress Plugin Woocommerce Category Banner Management Security Bypass (1.1.1)

WordPress Plugin Frontend File Manager Multiple Vulnerabilities (18.2)

Rails application running in development mode

WordPress Plugin MapPress Maps for WordPress Security Bypass (2.54.5)

WordPress Plugin Visual Link Preview Security Bypass (2.2.2)

Severity

High

Classification

CVE-2017-11364 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Configuration Privilege Escalation Authentication Bypass