Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Joomla! 2.5.0 - 3.9.27 Multiple Vulnerabilities

Information

Severity

Severity

Medium

Family

Family

Web application abuses

CVSSv2 Base

CVSSv2 Base

4.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

2 years ago

Modified

Modified

2 years ago

Share

Summary

Joomla! is prone to multiple vulnerabilities.

Insight

Insight

The following vulnerabilities exist: - CVE-2021-26036: Missing validation of input could lead to a broken usergroups table. - CVE-2021-26037: CMS functions did not properly terminate existing user sessions when a user's password was changed or the user was blocked. - CVE-2021-26038: Install action in com_installer lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for com_installer is limited to super users already.

Affected Software

Affected Software

Joomla! version 2.5.0 through 3.9.27.

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Update to version 3.9.28 or later.

Common Vulnerabilities and Exposures (CVE)

References