Description

Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599.

Remediation

References

CVE-2012-1611

Related Vulnerabilities

WordPress Plugin AccessAlly Information Disclosure (3.5.6)

Joomla! Core 1.5.x Session Hijacking (1.5.0 - 1.5.8)

WordPress Plugin Currency Switcher for WooCommerce Security Bypass (2.11.1)

WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (6.0.9)

WordPress Plugin Fusion:Extension-Map Multiple Unspecified Vulnerabilities (1.0.3)

Severity

Medium

Classification

CVE-2012-1611 CWE-264

Tags

Missing Update Known Vulnerabilities