Known Vulnerabilities
CVE-2021-26038
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in com_installer lack the required hardcoded ACL checks for superusers. A default system is not affected cause the default ACL for com_installer is limited to super users already.
UNKNOWN
Published Jul 07, 2021
CVE-2021-26037
An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked.
UNKNOWN
Published Jul 07, 2021
CVE-2021-26036
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table.
UNKNOWN
Published Jul 07, 2021