Published in Business

[20190304] - Core - Missing ACL check in sample data plugins

by on12 March 2019
Project: Joomla! SubProject: CMS Impact: Moderate Severity: High Versions: 3.8.0 through 3.9.3
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: High
  • Versions: 3.8.0 through 3.9.3
  • Exploit type: XSS
  • Reported Date: 2019-February-28
  • Fixed Date: 2019-March-12
  • CVE Number: CVE-2019-9713

Description

The sample data plugins lack ACL checks, allowing unauthorized access.

Affected Installs

Joomla! CMS versions 3.8.0 through 3.9.3

Solution

Upgrade to version 3.9.4

Contact

The JSST at the Joomla! Security Centre.

Reported By: Sven Hurt, Benjamin Trenkle
Don't miss a thing!
Stay up-to-dated with JoomlaQuickStart
Receive updates for our Joomla news