Description
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-25314)
WordPress Plugin CONTUS VBLOG-Video Blogging 'save.php' Arbitrary File Upload (1.0)
Grafana Missing Authentication for Critical Function Vulnerability (CVE-2019-15043)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000399)