- Project: Joomla!
- SubProject: CMS Installer
- Severity: High
- Versions: 1.0.0 through 3.7.3
- Exploit type: Lack of Ownership Verification
- Reported Date: 2017-Apr-06
- Fixed Date: 2017-July-25
- CVE Number: CVE-2017-11364
The CMS installer application lacked a process to verify the users ownership of a webspace, potentially allowing users to gain control.
Please note: Already installed sites are not affected, as this issue is limited to the installer application!
Joomla! CMS versions 1.0.0 through 3.7.3
Upgrade to version 3.7.4
The JSST at the Joomla! Security Centre.
Reported By: Hanno Böck