CVE-2018-17856

EPSS 3.51% · P88 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-17856

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Joomla! 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Joomla!是美国Open Source Matters团队的一套使用PHP和MySQL开发的开源、跨平台的内容管理系统(CMS)。 Joomla! 2.5.4版本至3.8.12版本中存在安全漏洞，该漏洞源于默认的ACL配置允许管理员级别的用户访问com_joomlaupdate。攻击者可利用该漏洞执行任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-17856

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-17856

请登录查看更多情报信息。

https://developer.joomla.org/security-centre/752-20181002-core-inadequate-default-access-level-for-com-joomlaupdate.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/105559vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041914vdb-entryx_refsource_SECTRACK
https://nvd.nist.gov/vuln/detail/CVE-2018-17856

Same Patch Batch · n/a · 2018-10-09 · 39 CVEs total

CVE-2018-18075		WikidForum SQL注入漏洞
CVE-2018-18192		libgig 代码问题漏洞
CVE-2018-18193		libgig 安全漏洞
CVE-2018-18194		libgig 缓冲区错误漏洞
CVE-2018-18195		libgig 安全漏洞
CVE-2018-18196		libgig 缓冲区错误漏洞
CVE-2018-18197		libgig 安全漏洞
CVE-2018-18082		Waimai Super Cms 跨站脚本漏洞
CVE-2018-18083		DuomiCMS 安全漏洞
CVE-2018-18084		DuomiCMS SQL注入漏洞
CVE-2018-18191		Dayrui FineCms 跨站请求伪造漏洞
CVE-2018-14081		D-Link DIR-809 A1、A2和Guest Zone 安全漏洞
CVE-2018-14080		D-Link DIR-809 A1、A2和Guest Zone 安全漏洞
CVE-2018-15542		org.telegram.messenger application for Android 安全漏洞
CVE-2018-15543		org.telegram.messenger application for Android 安全漏洞
CVE-2018-18029		Navigate CMS 跨站脚本漏洞
CVE-2018-18074		Python 信任管理问题漏洞
CVE-2018-18070		Daimler Mercedes-Benz COMAND 安全漏洞
CVE-2018-18071		Daimler Mercedes-Benz Me app for iOS 安全漏洞
CVE-2018-7633		ADB Epicentro 代码注入漏洞

Showing top 20 of 39 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2018-17856

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-17856

I. Basic Information for CVE-2018-17856

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-17856

III. Intelligence Information for CVE-2018-17856

Same Patch Batch · n/a · 2018-10-09 · 39 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2018-17856

Leave a comment