Description

An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself.

Remediation

References

CVE-2018-17855

Related Vulnerabilities

OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-3735)

WordPress Plugin Translate WordPress with GTranslate Cross-Site Scripting (2.8.64)

Grafana CVE-2022-39201 Vulnerability (CVE-2022-39201)

WordPress Plugin Persian Woocommerce SMS Cross-Site Scripting (3.3.2)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9691)

Severity

High

Classification

CVE-2018-17855 CWE-269 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities