CVE-2018-17856 — Joomla ! vulnerability

4 documents4 sources

Severity

7.2HIGHNVD

EPSS

3.7%

top 12.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Joomla !Joomla Framework

Timeline

PublishedOct 9

Latest updateMay 13

Description

An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDjoomla/joomla_!2.5.4 — 3.8.13

▶Packagistjoomla/framework2.5.4 — 3.8.13

🔴Vulnerability Details

OSV

Joomla RCE Vulnerability↗2022-05-13

▶

GHSA

Joomla RCE Vulnerability↗2022-05-13

▶

CVEList

CVE-2018-17856: An issue was discovered in Joomla! before 3↗2018-10-09

▶