- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 2.5.0 through 3.8.7
- Exploit type: ACL violation
- Reported Date: 2018-March-08
- Fixed Date: 2018-May-22
- CVE Number: CVE-2018-XXXX
Description
Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
Affected Installs
Joomla! CMS versions 2.5.0 through 3.8.7
Solution
Upgrade to version 3.8.8
Contact
The JSST at the Joomla! Security Centre.
Reported By: Matias Aguirre, JSST