Description
An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL configuration allowed Administrator-level users to access com_joomlaupdate and trigger code execution.
Remediation
References