Description

Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.

Remediation

References

CVE-2013-3056

Related Vulnerabilities

WordPress Plugin PHP Speedy 'admin_container.php' Remote PHP Code Execution (0.5.2)

WordPress Plugin WhyDoWork AdSense Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.2)

Piwigo Improper Access Control Vulnerability (CVE-2016-10105)

Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-23163)

MySQL CVE-2019-2741 Vulnerability (CVE-2019-2741)

Severity

Medium

Classification

CVE-2013-3056 CWE-264

Tags

Missing Update Known Vulnerabilities