CVE-2017-11364 โ€” Improper Certificate Validation in Joomla !

CWE-295 โ€” Improper Certificate Validation3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 43.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Joomla !
Timeline
PublishedAug 2
Latest updateMay 17

Description

The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

โ–ถNVDjoomla/joomla_!134 versions+133

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-q3mx-xpwh-hmpq: The CMS installer in Joomla! before 3โ†—2022-05-17
โ–ถ
CVEList
CVE-2017-11364: The CMS installer in Joomla! before 3โ†—2017-08-02
โ–ถ
CVE-2017-11364 โ€” Improper Certificate Validation | cvebase