[20130401] – Core – Privilege Escalation
Apr24
on April 24, 2013
at 5:00 am
Posted In: Uncategorized
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: Privilege Escalation
- Reported Date: 2013-March-29
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3056
Description
Inadequate permission checking allows unauthorised user to delete private messages.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
Reported By: Francois Gauthier
Comment