← back
CVE-2021-26040

[20210801] - Core - Insufficient access control for com_media deletion endpoint

EPSS 0.9%
An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command.
Affected products
Joomla! Project · Joomla! CMS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://developer.joomla.org/security-centre/861-20210801-core-insufficient-access-control-for-com-media-deletion-endpoint