Project: Joomla!
SubProject: CMS Installer
Severity: High
Versions: 1.0.0 through 3.7.3
Exploit type: Lack of Ownership Verification
Reported Date: 2017-Apr-06
Fixed Date: 2017-July-25
CVE Number: CVE-2017-11364
Description
The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control.
Please note: Already installed sites are not affected, as this issue is limited to the installer application!
Affected Installs
Joomla! CMS versions 1.0.0 through 3.7.3
Solution
Upgrade to version 3.7.4
Contact
The JSST at the Joomla! Security Centre.
Reported By: Hanno Böck [20170704] - Core - Installer: Lack of Ownership Verification
- Details
- Joomla RSS Sicherheit
- Kategorie: Joomla News
Project: Joomla!
SubProject: CMS Installer
Severity: High
Versions: 1.0.0 through 3.7.3
Exploit type: Lack of Ownership Verification
Reported Date: 2017-Apr-06
Fixed Date: 2017-July-25
CVE Number: CVE-2017-11364
Description
The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control.
Please note: Already installed sites are not affected, as this issue is limited to the installer application!
Affected Installs
Joomla! CMS versions 1.0.0 through 3.7.3
Solution
Upgrade to version 3.7.4
Contact
The JSST at the Joomla! Security Centre.
Reported By: Hanno Böck - Zugriffe: 1594