[20181002] - Core - Inadequate default access level for com_joomlaupdate

2018-10-02T00:00:00
ID JOOMLA-752
Type joomla
Reporter Open Source Matters, Inc.
Modified 2018-10-02T00:00:00

Description

Joomla’s com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled access of Administrator-level users to access com_joomlaupdate and trigger a code execution.