Joomla! before 1
Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.
Exploitability
AV:N
AC:L
Au:S
Impact
C:P
I:P
A:P
6.5/AV:N/AC:L/Au:S/C:P/I:P/A:P