Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.Referenceshttp://www.securityfocus.com/bid/28111http://secunia.com/advisories/29257http://www.joomla.org/content/view/4335/116/http://securitytracker.com/id?1019145http://www.mandriva.com/security/advisories?name=MDVSA-2008:060http://osvdb.org/43277
