Joomla : Security Vulnerabilities, CVEs, (Gain Privilege)
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.
Max CVSS
9.8
EPSS Score
0.20%
Published
2022-03-30
Updated
2022-04-05
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
Max CVSS
9.8
EPSS Score
1.22%
Published
2017-11-10
Updated
2017-11-28
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task.
Max CVSS
7.5
EPSS Score
1.15%
Published
2016-12-16
Updated
2017-09-02
The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types.
Max CVSS
9.8
EPSS Score
1.80%
Published
2016-12-05
Updated
2016-12-07
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.26%
Published
2015-10-29
Updated
2015-10-30
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.
Max CVSS
7.5
EPSS Score
1.00%
Published
2014-10-08
Updated
2014-10-09
Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-06-21
Updated
2021-06-25
Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."
Max CVSS
7.5
EPSS Score
1.19%
Published
2008-01-04
Updated
2008-11-15
8 vulnerabilities found