Description
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP-Polls Cross-Site Scripting (2.60)
WordPress Other Vulnerability (CVE-2007-1894)
phpMyAdmin Other Vulnerability (CVE-2007-2245)
ProjectSend Improper Input Validation Vulnerability (CVE-2017-9741)
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7486)