Description
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.
Remediation
References
Related Vulnerabilities
PHP Reliance on Cookies without Validation and Integrity Checking Vulnerability (CVE-2020-7070)
WordPress Plugin Recip.ly 'uploadImage.php' Arbitrary File Upload (1.1.7)
WordPress Plugin Video Gallery /w YouTube, Vimeo Arbitrary File Upload (8.48)
Apache Tomcat 7PK - Security Features Vulnerability (CVE-2014-9634)