Description

An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.

Remediation

References

CVE-2020-11889

Related Vulnerabilities

Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-9583)

Jenkins Improper Authentication Vulnerability (CVE-2014-2066)

WordPress Plugin Page Restrict Cross-Site Scripting (2.2.1)

WordPress Plugin Rating by BestWebSoft Cross-Site Scripting (0.1)

phpList Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-20032)

Severity

Medium

Classification

CVE-2020-11889 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities