Description

Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently gain control over the CMS installer. Joomla! Core versions ranging from 1.0.0 and up to and including 3.7.3 are vulnerable.

Remediation

Upgrade to version 3.7.4 or higher.

References

Joomla! Security Announcement 20170704

Related Vulnerabilities

WordPress Plugin Drop Shadow Boxes Security Bypass (1.7.1)

WordPress Plugin WP eCommerce Security Bypass (3.8.14.3)

WordPress Plugin WP RSS Aggregator-News Feeds, Autoblogging, Youtube Video Feeds and More Security Bypass (4.6.3)

WordPress Plugin Theme My Login Security Bypass (6.4.6)

WordPress Plugin User Verification Security Bypass (1.0.93)

Severity

High

Classification

CVE-2017-11364 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Configuration Privilege Escalation Authentication Bypass