BID:105161

Joomla! CVE-2018-15881 Security Bypass Vulnerability

CVE-2018-15881 |

Info

Joomla! CVE-2018-15881 Security Bypass Vulnerability

Bugtraq ID:	105161
Class:	Access Validation Error
CVE:	CVE-2018-15881
Remote:	Yes
Local:	No
Published:	Aug 28 2018 12:00AM
Updated:	Aug 28 2018 12:00AM
Credit:	Elisa Foltyn
Vulnerable:	Joomla Joomla! 3.8.11 Joomla Joomla! 3.8.10 Joomla Joomla! 3.8.9 Joomla Joomla! 3.8.8 Joomla Joomla! 3.8.7 Joomla Joomla! 3.8.6 Joomla Joomla! 3.8.5 Joomla Joomla! 3.8.4 Joomla Joomla! 3.8.3 Joomla Joomla! 3.8.2 Joomla Joomla! 3.8.1 Joomla Joomla! 3.7.3 Joomla Joomla! 3.7.2 Joomla Joomla! 3.7.1 Joomla Joomla! 3.7 Joomla Joomla! 3.8.0 Joomla Joomla! 3.7.5 Joomla Joomla! 3.7.4

Not Vulnerable:	Joomla Joomla! 3.8.12

Discussion

Joomla! CVE-2018-15881 Security Bypass Vulnerability

Joomla! is prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks.

Joomla! versions 3.7.0 through 3.8.11 are vulnerable.

Exploit / POC

Joomla! CVE-2018-15881 Security Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: http://.

Solution / Fix

Joomla! CVE-2018-15881 Security Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Joomla! CVE-2018-15881 Security Bypass Vulnerability

References:

Joomla HomePage (Joomla)
[20180803] - Core - ACL Violation in custom fields (Joomla)