Description

Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently gain control over the CMS installer. Joomla! Core versions ranging from 1.0.0 and up to and including 3.7.3 are vulnerable.

Remediation

Upgrade to version 3.7.4 or higher.

References

Joomla! Security Announcement 20170704

Related Vulnerabilities

Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability

Laravel debug mode enabled

WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan Security Bypass (9.3.2)

IIS extended unicode directory traversal vulnerability

WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads Security Bypass (2.2.5)

Severity

High

Classification

CVE-2017-11364 CWE-264 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Configuration Privilege Escalation Authentication Bypass