• Project: Joomla!
• SubProject: CMS
• Impact: High
• Severity: Low
• Versions: 2.5.0-3.9.15
• Exploit type: Incorrect Access Control
• Reported Date: 2020-January-31
• Fixed Date: 2020-March-10
• CVE Number: CVE-2020-10238

Description

Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.

Affected Installs

Joomla! CMS versions 2.5.0 - 3.9.15

Solution

Upgrade to version 3.9.16

Contact

The JSST at the Joomla! Security Centre.