Joomla! Core Security Bypass
Description
Joomla! Core versions 1.0.0 through 3.7.3 contain a security bypass vulnerability in the CMS installer component due to insufficient ownership verification. This flaw allows authenticated attackers with low-level privileges to bypass security controls and execute unauthorized actions during the installation process, potentially leading to complete compromise of the Joomla! installation.
Remediation
Immediately upgrade Joomla! Core to version 3.7.4 or later, which addresses the installer ownership verification issue. Follow these steps:<br/><br/>1. Back up your current Joomla! installation, including all files and the database<br/>2. Download Joomla! version 3.7.4 or higher from the official Joomla! website<br/>3. Use the Joomla! Update component (Extensions > Manage > Update) or manually upload the update package<br/>4. After upgrading, verify the installation by checking System > System Information to confirm the version number<br/>5. Review user accounts and permissions to ensure no unauthorized accounts were created<br/>6. Monitor system logs for any suspicious activity that may have occurred prior to patching<br/><br/>If immediate patching is not possible, restrict access to the installer directory and ensure it is removed or protected on production systems.