Joomla! prior to 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.
joomla joomla 1.5rc4