Improper Access Controls allows backend users to overwrite their username when disallowed.
{ "severity": "High", "cpes": [ "cpe:2.3:a:joomla:joomla!:*:*:*:*:*:*:*:*" ] }