Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Joomla Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2018-11325)

Description

An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.

Remediation

References

Related Vulnerabilities

WordPress Plugin Galleries by Angie Makes Cross-Site Scripting (1.67)

WebLogic URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2026-35302)

WordPress Plugin Simple Membership Cross-Site Request Forgery (3.8.4)

Python Integer Overflow or Wraparound Vulnerability (CVE-2018-20406)

MySQL CVE-2021-35622 Vulnerability (CVE-2021-35622)

Severity

Critical

Classification

CVE-2018-11325 CWE-209 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities