• Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: High
  • Versions: 4.0.0
  • Exploit type: Incorrect Access Control
  • Reported Date: 2021-08-20
  • Fixed Date: 2021-08-24
  • CVE Number: CVE-2021-26040

Description

The media manager does not correctly check the user's permissions before executing a file deletion command.

Affected Installs

Joomla! CMS versions 4.0.0

Solution

Upgrade to version 4.0.1

Contact

The JSST at the Joomla! Security Centre.

Reported By: Maverick