CVE-2024-27187Improper Access Control in Joomla !

CWE-284Improper Access Control3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 99.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Joomla !Joomla! Project Joomla! CMS
Timeline
PublishedAug 20

Description

Improper Access Controls allows backend users to overwrite their username when disallowed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDjoomla/joomla_!4.0.04.4.7+1
CVEListV5joomla!_project/joomla!_cms4.0.0-4.4.6, 5.0.0-5.1.2+1

🔴Vulnerability Details

2
GHSA
GHSA-6pqq-98x8-92qf: Improper Access Controls allows backend users to overwrite their username when disallowed2024-08-20
CVEList
[20240804] - Core - Improper ACL for backend profile view2024-08-20
CVE-2024-27187 — Improper Access Control in Joomla ! | cvebase