Description
An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple Vulnerabilities (2.0.77)
WordPress Plugin WP REST API (WP API) Cross-Site Request Forgery (1.1)
WordPress Plugin Subscribe to Comments Multiple Cross-Site Scripting Vulnerabilities (2.0.4)
Internet Information Services Other Vulnerability (CVE-1999-0191)