[20180501] - Core - ACL violation in access levels

[20180501] - Core - ACL violation in access levels

[20180501] – Core – ACL violation in access levels

in Blog Posts
by ReadySpace Philippines
May 22, 2018
Comments Off on [20180501] – Core – ACL violation in access levels
Tags: available, click, Cloud, cPanel, install, Joomla, Server, using

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers!

Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 2.5.0 through 3.8.7
Exploit type: ACL violation
Reported Date: 2018-March-08
Fixed Date: 2018-May-22
CVE Number: CVE-2018-11323

Description

Inadequate checks allowed users to modify the access levels of user groups with higher permissions.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.8.7

Solution

Upgrade to version 3.8.8

Contact

The JSST at the Joomla! Security Centre.

Reported By: Matias Aguirre, JSST

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers!

Comments are closed.