https://developer.joomla.org/security-centre.feed?type=rss

Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 2.5.0 - 3.9.27
Exploit type: Incorrect Access Control
Reported Date: 2021-06-06
Fixed Date: 2021-07-06
CVE Number: CVE-2021-26038

Description

The install action in com_installer lacks the required hardcoded ACL checks for superusers, leading to various potential attack vectors. A default system is not affected because by default com_installer is already limited to super users.

Affected Installs

Joomla! CMS versions 2.5.0 - 3.9.27

Solution

Upgrade to version 3.9.28

Contact

The JSST at the Joomla! Security Centre.

Reported By: Nicholas Dionysopoulos
