- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: High
- Versions: 4.0.0
- Exploit type: Incorrect Access Control
- Reported Date: 2021-08-20
- Fixed Date: 2021-08-24
- CVE Number: CVE-2021-26040
Description
The media manager does not correctly check the user's permissions before executing a file deletion command.
Affected Installs
Joomla! CMS versions 4.0.0
Solution
Upgrade to version 4.0.1
Contact
The JSST at the Joomla! Security Centre.
Reported By: Maverick