- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.0.0 through 3.8.7
- Exploit type: Information Disclosure
- Reported Date: 2018-February-09
- Fixed Date: 2018-May-22
- CVE Number: CVE-2018-11325
The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and displays the plain text password for the administrator account at the confirmation screen.
Joomla! CMS versions 3.0.0 through 3.8.7
Upgrade to version 3.8.8
The JSST at the Joomla! Security Centre.
Reported By: Sascha Egerer