Description

An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked.

Remediation

References

CVE-2021-26037

Related Vulnerabilities

XWikiplatform Missing Authorization Vulnerability (CVE-2024-55879)

WordPress Plugin ThirstyAffiliates Affiliate Link Manager Cross-Site Scripting (3.9.2)

WordPress Plugin ReFlex Gallery Arbitrary File Upload (3.1.3)

Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4226)

WordPress Plugin OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) Supply Chain Attack [Polyfill.io] (1.1.2)

Severity

Medium

Classification

CVE-2021-26037 CWE-613 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities