High severity 7.2 · NVD Advisory · Published Oct 9, 2018 · Updated Jun 17, 2026
CVE-2018-17856
Description
An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| joomla/framework (Packagist) | >= 2.5.4, < 3.8.13 | 3.8.13 |
Affected products: 1
References (7)
- www.securityfocus.com/bid/105559 (NVD; Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1041914 (NVD; Third Party Advisory, VDB Entry)
- developer.joomla.org/security-centre/752-20181002-core-inadequate-default-access-level-for-com-joomlaupdate.html (NVD; Vendor Advisory, WEB)
- github.com/advisories/GHSA-9m72-pw47-292w (GHSA; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-17856 (GHSA; ADVISORY)
- web.archive.org/web/20210124211736/http://www.securityfocus.com/bid/105559 (GHSA; WEB)
- web.archive.org/web/20211208125303/http://www.securitytracker.com/id/1041914 (GHSA; WEB)