Joomla! Multiple Vulnerabilities
Last Update Date:
24 Apr 2020 10:21
Release Date:
24 Apr 2020
4707
Views
RISK: Medium Risk
TYPE: Servers - Internet App Servers
Multiple vulnerabilities have been identified in Joomla!. A remote user can exploit these vulnerabilities to trigger security restriction bypass and data manipulation on the targeted system.
Impact
- Security Restriction Bypass
- Data Manipulation
System / Technologies affected
Joomla! CMS versions:
- 3.8.8 - 3.9.16 (CVE-2020-11891)
- 2.5.0 - 3.9.16 (CVE-2020-11890)
- 2.5.0 - 3.9.16 (CVE-2020-11889)
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Upgrade to 3.9.17
Vulnerability Identifier
Source
Related Link
- https://developer.joomla.org/security-centre/809-20200401-core-incorrect-access-control-in-com-users-access-level-editing-function.html
- https://developer.joomla.org/security-centre/810-20200402-core-missing-checks-for-the-root-usergroup-in-usergroup-table.html
- https://developer.joomla.org/security-centre/811-20200403-core-incorrect-access-control-in-com-users-access-level-deletion-function.html
- https://www.auscert.org.au/bulletins/ESB-2020.1418/
Share with