Cross-site request forgery in Joomla! - CVE-2018-17858
Published: October 11, 2018
Vulnerability identifier: #VU15313
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-17858
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Joomla!
Affected software:
Joomla!
Joomla!
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to perform CSRF attack.
The weakness exists due to insufficient CSRF protections in the back end of the com_installeractions. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions
The weakness exists due to insufficient CSRF protections in the back end of the com_installeractions. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions
How to mitigate CVE-2018-17858
Update to version 3.8.13.