Description

An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.

Remediation

References

CVE-2020-11889

Related Vulnerabilities

PHP Incorrect Conversion between Numeric Types Vulnerability (CVE-2018-5711)

ATutor Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3368)

WordPress Plugin Social Sharing-Sassy Social Share PHP Object Injection (3.3.23)

WordPress Plugin SEO Smart Links Cross-Site Scripting (3.0.1)

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4)

Severity

Medium

Classification

CVE-2020-11889 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities