• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: High
• Versions: 4.0.0
• Exploit type: Incorrect Access Control
• Reported Date: 2021-08-20
• Fixed Date: 2021-08-24
• CVE Number: CVE-2021-26040

Description

The media manager does not correctly check the user's permissions before executing a file deletion command.

Affected Installs

Joomla! CMS versions 4.0.0

Solution

Upgrade to version 4.0.1

Contact

The JSST at the Joomla! Security Centre.