Joomla! 2.5.x < 3.9.20 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.9.20. It is, therefore, affected by multiple vulnerabilities. - A missing token check in the ajaxinstall endpoint cominstaller causes a CSRF vulnerability. - Missing validation...

[20200704] - Core - Variable tampering via user table class

Internal read-only fields in the User table class could be modified by users...