Description

An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself.

Remediation

References

CVE-2018-17855

Related Vulnerabilities

WordPress Plugin Relevanssi-A Better Search Cross-Site Scripting (3.3.7.1)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-0218)

Moodle Improper Following of Specification by Caller Vulnerability (CVE-2019-14829)

MongoDb Other Vulnerability (CVE-2019-20923)

SharePoint Improper Input Validation Vulnerability (CVE-2009-3830)

Severity

High

Classification

CVE-2018-17855 CWE-269 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities