Description

Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.

Remediation

References

CVE-2013-3056

Related Vulnerabilities

Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-6421)

Oracle Database Server CVE-2014-6537 Vulnerability (CVE-2014-6537)

WordPress Plugin CONTUS VBLOG-Video Blogging 'save.php' Arbitrary File Upload (1.0)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (3.9.1)

WordPress Plugin WP Import Export Lite Information Disclosure (3.9.15)

Severity

Medium

Classification

CVE-2013-3056 CWE-264

Tags

Missing Update Known Vulnerabilities