Joomla! com_installer Actions Cross-Site Request Forgery Vulnerability

By GIXnews

A vulnerability in the com_installer actions of Joomla! could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on a targeted system.

The vulnerability is due to insufficient CSRF protections in the back end of the com_installer actions of the affected software. An attacker could exploit this vulnerability by persuading a user to access a link that submits malicious input to the targeted system. A successful exploit could allow the attacker to perform a CSRF attack, which the attacker could use to perform other unauthorized actions on the system.

Joomla! has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2018-17858

Source: Cisco Multivendor Vulnerability Alerts