[20180501] – Core – ACL violation in access levels

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers!

  • Project: Joomla!
  • SubProject: CMS
  • Impact: High
  • Severity: Low
  • Versions: 2.5.0 through 3.8.7
  • Exploit type: ACL violation
  • Reported Date: 2018-March-08
  • Fixed Date: 2018-May-22
  • CVE Number: CVE-2018-11323

Description

Inadequate checks allowed users to modify the access levels of user groups with higher permissions.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.8.7

Solution

Upgrade to version 3.8.8

Contact

The JSST at the Joomla! Security Centre.

Reported By: Matias Aguirre, JSST
Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers!

Comments are closed.

Categories
Tags
3CXContact appliance Apps available Bare CentOS click Cloud Cloudflare Cluster Contact control cPanel enterprise find Fortigate here hosting install installed integrated into latest Linux Media MySQL network panel Plesk PleskContact Providers Railgun security Server Setup software Suse that Ubuntu using Webuzo when with works Wowza