Description

The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.

Remediation

References

CVE-2017-11364

Related Vulnerabilities

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Privilege Escalation (5.8.9)

MySQL CVE-2020-2770 Vulnerability (CVE-2020-2770)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-3058)

WordPress Plugin Startklar Elementor Addons Arbitrary File Deletion (1.7.13)

Moodle Cleartext Storage of Sensitive Information Vulnerability (CVE-2024-43429)

Severity

High

Classification

CVE-2017-11364 CWE-295 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities