Carsten Schmitz

**Name of the Vulnerable Software and Affected Versions** Joomla (affected versions not specified) **Description** The issue is related to the improper termination of existing user sessions when a user's MFA methods have been modified, allowing a remote attacker to access confidential data. Additionally, multiple vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 2.5.0 through 3.9.27 **Description** An issue was discovered in the CMS functions where existing user sessions were not properly terminated when a user's password was changed or the user was blocked. **Recommendations** For Joomla! versions 2.5.0 through 3.9.27, update to a version that properly handles user session termination upon password change or user blockage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.