Vulnerability Details : CVE-2018-11323
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
Exploit prediction scoring system (EPSS) score for CVE-2018-11323
Probability of exploitation activity in the next 30 days: 0.35%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 %
CVSS scores for CVE-2018-11323
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST |
8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST |
CWE ids for CVE-2018-11323
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-11323
- http://www.securitytracker.com/id/1040966
  Joomla! Multiple Flaws Let Remote Authenticated Users Modify ACLs and Execute Arbitrary Code, Remote Users Obtain Potentially Sensitive Information and Conduct Cross-Site Scripting Attacks, and Local
  Third Party Advisory; VDB Entry
- http://www.securityfocus.com/bid/104276
  Joomla! CVE-2018-11323 Security Bypass Vulnerability
  Third Party Advisory; VDB Entry
- https://developer.joomla.org/security-centre/729-20180501-core-acl-violation-in-access-levels.html
  [20180501] - Core - ACL violation in access levels
  Vendor Advisory
Products affected by CVE-2018-11323
- cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*