• Project: Joomla!
  • SubProject: CMS
  • Impact: High
  • Severity: Low
  • Versions: 2.5.0 through 3.8.7
  • Exploit type: ACL violation
  • Reported Date: 2018-March-08
  • Fixed Date: 2018-May-22
  • CVE Number: CVE-2018-11323


Inadequate checks allowed users to modify the access levels of user groups with higher permissions.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.8.7


Upgrade to version 3.8.8


The JSST at the Joomla! Security Centre.

Reported By: Matias Aguirre, JSST