An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Joomla! | Joomla | 2.5.4 (including) | 3.8.13 (excluding) |