Vigil@nce - Joomla Core: privilege escalation via Com_contact Mail Submission

October 2019 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

Impacted products: Joomla! Core.

Severity: 2/4.

Consequences: data creation/edition.

Provenance: internet client.

Confidence: confirmed by the editor (5/5).

Creation date: 14/08/2019.

DESCRIPTION OF THE VULNERABILITY

An attacker can bypass restrictions via Com_contact Mail Submission of Joomla Core, in order to escalate his privileges.

