Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 2.5.4 through 3.8.12 Exploit type: Object Injection Reported Date: 2018-June-21 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17856 Description Joomla’s com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled access of Administrator-level users to access com_joomlaupdate and trigger a code execution. Affected Installs Joomla! CMS versions 2.5.4 through 3.8.12 Solution Upgrade to version 3.8.13 Contact The JSST at the Joomla! Security Centre. Reported By: Codesafescan [20181002] - Core - Inadequate default access level for com_joomlaupdate
- Details
- Joomla RSS Sicherheit
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 2.5.4 through 3.8.12 Exploit type: Object Injection Reported Date: 2018-June-21 Fixed Date: 2018-October-02 CVE Number: CVE-2018-17856 Description Joomla’s com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled access of Administrator-level users to access com_joomlaupdate and trigger a code execution. Affected Installs Joomla! CMS versions 2.5.4 through 3.8.12 Solution Upgrade to version 3.8.13 Contact The JSST at the Joomla! Security Centre. Reported By: Codesafescan - Zugriffe: 853