Description

Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.

Remediation

References

CVE-2013-3056

Related Vulnerabilities

CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-18288)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.7)

PHP Other Vulnerability (CVE-2015-1352)

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-6852)

MySQL CVE-2019-2513 Vulnerability (CVE-2019-2513)

Severity

Medium

Classification

CVE-2013-3056 CWE-264

Tags

Missing Update Known Vulnerabilities