- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 2.5.0 through 3.8.7
- Exploit type: ACL violation
- Reported Date: 2018-March-08
- Fixed Date: 2018-May-22
- CVE Number: CVE-2018-11323
Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
Joomla! CMS versions 2.5.0 through 3.8.7
Upgrade to version 3.8.8
The JSST at the Joomla! Security Centre.
Reported By: Matias Aguirre, JSST