Description

An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself.

Remediation

References

CVE-2018-17855

Related Vulnerabilities

Oracle Database Server CVE-2006-5334 Vulnerability (CVE-2006-5334)

Phusion Passenger Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-16355)

PHP Other Vulnerability (CVE-2010-0397)

MySQL CVE-2014-6500 Vulnerability (CVE-2014-6500)

WordPress Plugin WP Job Manager PHP Object Injection (1.29.2)

Severity

High

Classification

CVE-2018-17855 CWE-269 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities