Hoang Kien

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 2.5.0 through 3.9.27 **Description** An issue was discovered in the CMS functions where existing user sessions were not properly terminated when a user's password was changed or the user was blocked. **Recommendations** For Joomla! versions 2.5.0 through 3.9.27, update to a version that properly handles user session termination upon password change or user blockage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 2.5.0 through 3.9.27 **Description** An issue was discovered in Joomla! where missing validation of input could lead to a broken usergroups table. **Recommendations** For Joomla! versions 2.5.0 through 3.9.27, update to a version that includes the necessary input validation to prevent the usergroups table from being broken.

**Name of the Vulnerable Software and Affected Versions** Chamilo LMS version 1.11.10 **Description** The issue is related to Cross Site Request Forgery (CSRF) via the `edit user` function, which can be exploited by targeting an admin user. This allows for unauthorized actions to be performed on behalf of the admin. **Recommendations** For Chamilo LMS version 1.11.10, consider disabling the `edit user` function until a patch is available to prevent CSRF attacks. Restrict access to admin user accounts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Chamilo LMS version 1.11.10 **Description** The issue is related to improper privilege management. A user with Sessions administrator privilege can create a new user and then use the edit user function to change this new user to administrator privilege. **Recommendations** For Chamilo LMS version 1.11.10, consider restricting the use of the edit user function to prevent users from escalating their privileges until a proper fix is available. As a temporary workaround, monitor user account changes closely to detect and mitigate any potential misuse of privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.0.0 through 3.9.24 **Description** An issue was discovered in the com media component, which allowed paths that are not intended for image uploads. **Recommendations** For Joomla! versions 3.0.0 through 3.9.24, consider restricting access to the com media component until a fix is available. As a temporary workaround, avoid using com media for image uploads to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.20 **Description** An issue was discovered in Joomla! where missing validation checks on the `usergroups` table object can result in a broken site configuration. **Recommendations** For versions prior to 3.9.20, update to version 3.9.20 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.17 **Description** An issue was discovered that allows unauthorized editing of usergroups due to incorrect ACL checks in the access level section of com users. **Recommendations** For versions prior to 3.9.17, update to version 3.9.17 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.17 **Description** An issue was discovered in the usergroup table class due to improper input validations, which could lead to a broken ACL configuration. **Recommendations** For versions prior to 3.9.17, update to version 3.9.17 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.17 **Description** An issue was discovered that allows unauthorized deletion of usergroups due to incorrect ACL checks in the access level section of com users. **Recommendations** For versions prior to 3.9.17, update to version 3.9.17 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.16 **Description** An issue was discovered where various actions in com templates lack the required ACL checks, leading to potential attack vectors. **Recommendations** For versions prior to 3.9.16, update to version 3.9.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the com templates component until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.16 **Description** An issue was discovered in the image actions of com templates, where missing token checks lead to CSRF. **Recommendations** For versions prior to 3.9.16, update to version 3.9.16 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions prior to 3.9.16 **Description** An issue was discovered that allows incorrect access control in the SQL fieldtype of com fields, enabling access for non-superadmin users. **Recommendations** For versions prior to 3.9.16, update to version 3.9.16 or later to resolve the issue.