Vulnerability Description
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joomla | Joomla\! | < 3.8.8 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104278Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040966Third Party AdvisoryVDB Entry
- https://developer.joomla.org/security-centre/732-20180504-core-installer-leaks-pVendor Advisory
- http://www.securityfocus.com/bid/104278Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040966Third Party AdvisoryVDB Entry
- https://developer.joomla.org/security-centre/732-20180504-core-installer-leaks-pVendor Advisory
FAQ
What is CVE-2018-11325?
CVE-2018-11325 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and disp...
How severe is CVE-2018-11325?
CVE-2018-11325 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-11325?
Check the references section above for vendor advisories and patch information. Affected products include: Joomla Joomla\!.