Description

An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked.

Remediation

References

CVE-2021-26037

Related Vulnerabilities

Joomla Other Vulnerability (CVE-2006-4473)

WordPress Plugin IBS Mappro Arbitrary File Download (0.6)

WordPress Plugin LifterLMS-WP LMS for eLearning, Online Courses, & Quizzes Security Bypass (4.21.1)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2947)

Apache HTTP Server Other Vulnerability (CVE-2003-0132)

Severity

Medium

Classification

CVE-2021-26037 CWE-613 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities