CVE-2018-17856 - Unspecified vulnerability in Joomla Joomla!
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | HIGH |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution.
Vulnerable Configurations
Nessus
NASL family | CGI abuses |
NASL id | JOOMLA_3813.NASL |
description | According to its self-reported version number, the Joomla! installation running on the remote web server is prior to 3.8.13. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not attempted to exploit these issues but has instead relied only on the application |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 118069 |
published | 2018-10-12 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/118069 |
title | Joomla! < 3.8.13 Multiple Vulnerabilities |
References
- http://www.securityfocus.com/bid/105559
- http://www.securitytracker.com/id/1041914
- https://developer.joomla.org/security-centre/752-20181002-core-inadequate-default-access-level-for-com-joomlaupdate.html