- Project: Joomla!
- SubProject: CMS Installer
- Severity: High
- Versions: 1.0.0 through 3.7.3
- Exploit type: Lack of Ownership Verification
- Reported Date: 2017-Apr-06
- Fixed Date: 2017-July-25
- CVE Number: CVE-2017-11364
Description
The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control.
Please note: Already installed sites are not affected, as this issue is limited to the installer application!
Affected Installs
Joomla! CMS versions 1.0.0 through 3.7.3
Solution
Upgrade to version 3.7.4
Contact
The JSST at the Joomla! Security Centre.
Reported By: Hanno Böck