CVE-2012-1562

Description

Joomla! core before 2.5.3 allows unauthorized password change.

Affected products

• Joomla! / Joomla! core2.5.2 – 2.5.2
• Joomla! / Joomla! core2.5.1 – 2.5.1
• Joomla! / Joomla! core2.5.0 – 2.5.0
• Joomla! / Joomla! coreand all 1.7.x and 1.6.x versions – and all 1.7.x and 1.6.x versions

References

• MAILING_LISThttp://www.openwall.com/lists/oss-security/2012/03/19/11
• MISChttps://developer.joomla.org/security/news/394-20120304-core-password-change.html