Description

Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently gain control over the CMS installer. Joomla! Core versions ranging from 1.0.0 and up to and including 3.7.3 are vulnerable.

Remediation

Upgrade to version 3.7.4 or higher.

References

Joomla! Security Announcement 20170704

Related Vulnerabilities

WordPress Plugin Pctags-Pinterest conversion tags for Pinterest Ads (advertising) + Event tracking + Site verification + WooCommerce Security Bypass (1.0.1)

Symfony web debug toolbar

Clickjacking: CSP frame-ancestors missing

WordPress Plugin YITH WooCommerce Added to Cart Popup Security Bypass (1.3.11)

WordPress Plugin RegistrationMagic-Custom Registration Forms, User Registration, Payment, and User Login Multiple Vulnerabilities (4.6.0.3)

Severity

High

Classification

CVE-2017-11364 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Configuration Privilege Escalation Authentication Bypass