Description

An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself.

Remediation

References

CVE-2018-17855

Related Vulnerabilities

Apache HTTP Server Other Vulnerability (CVE-2001-1072)

Nginx Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2014-3556)

WordPress Plugin Highlight Search Terms Cross-Site Scripting (1.3)

WordPress Plugin WordPress Popular Posts Cross-Site Scripting (5.3.3)

WordPress Plugin WooCommerce Checkout Manager Multiple Unspecified Vulnerabilities (3.6.9)

Severity

High

Classification

CVE-2018-17855 CWE-269 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities