[20180803] – Core – ACL Violation in custom fields

[20180803] – Core – ACL Violation in custom fields

[20180803] – Core – ACL Violation in custom fields

in Blog Posts
by Alex Yau
29 8 月, 2018
在〈[20180803] – Core – ACL Violation in custom fields〉中留言功能已關閉
標籤: available, click, Cloud, cPanel, install, Joomla, Server, using

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers!

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Versions: 3.7.0 through 3.8.11
Exploit type: ACL Violation
Reported Date: 2018-July-10
Fixed Date: 2018-August-28
CVE Number: CVE-2018-15881

Description

Inadequate checks regarding disabled fields can lead to an ACL violation.

Affected Installs

Joomla! CMS versions 3.7.0 through 3.8.11

Solution

Upgrade to version 3.8.12

Contact

The JSST at the Joomla! Security Centre.

Reported By: Elisa Foltyn, COOLCAT CREATIONS

Joomla is available using 1 click install in Cloud Server cPanel and Cloud Server Webuzo. Contact us to find out our latest offers!

Comments are closed.

Categories