PT-2021-16931 · Joomla · Joomla!
Nicholas Dionysopoulos · Published 2021-07-07 · Updated 2025-04-03 · CVE-2021-26038
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Joomla! versions 2.5.0 through 3.9.27
Description
An issue was discovered in the install action of com_installer, which lacks the required hardcoded ACL checks for super users. However, a default system is not affected, because the default ACL for com_installer is already limited to super users.
Recommendations
For Joomla! versions 2.5.0 through 3.9.27, consider restricting access to the com_installer component to minimize the risk of exploitation until a patch is available.
Fix
Improper Check for Exceptional Conditions
Weakness Enumeration
Related Identifiers
Affected Products
Joomla!