CVE-2023-23752

Known exploited
Public exploit
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Max CVSS
5.3
EPSS Score
95.21%
Published
2023-02-16
Updated
2024-01-09
CISA KEV Added
2024-01-08
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
Max CVSS
4.3
EPSS Score
0.07%
Published
2023-02-01
Updated
2023-02-09
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.
Max CVSS
5.3
EPSS Score
0.13%
Published
2022-10-25
Updated
2023-12-02
An issue was discovered in Joomla! 4.2.0. Multiple full path disclosures occur because of missing '_JEXEC or die' checks caused by the PSR12 changes.
Max CVSS
5.3
EPSS Score
0.12%
Published
2022-08-31
Updated
2022-09-05
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file with a name of excessive length causes an error. The resulting error screen shows the path of the web application's source code.
Max CVSS
5.3
EPSS Score
0.12%
Published
2022-03-30
Updated
2022-04-05
An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly terminate existing user sessions when a user's password was changed or the user was blocked.
Max CVSS
5.3
EPSS Score
0.08%
Published
2021-07-07
Updated
2021-07-09
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
Max CVSS
5.3
EPSS Score
0.11%
Published
2021-04-14
Updated
2021-04-22
An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow the author field to be overwritten.
Max CVSS
5.3
EPSS Score
0.08%
Published
2021-03-04
Updated
2022-07-12
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting a specifically crafted zip package could write files outside of the intended path.
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-03-04
Updated
2021-03-10
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.
Max CVSS
5.3
EPSS Score
0.08%
Published
2021-03-04
Updated
2022-07-12
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The insecure rand() function is used in the process of generating the 2FA secret.
Max CVSS
5.3
EPSS Score
0.11%
Published
2021-03-04
Updated
2021-03-05
An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leaks names of unpublished and/or inaccessible modules.
Max CVSS
5.3
EPSS Score
0.09%
Published
2021-01-12
Updated
2021-01-19
An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.
Max CVSS
5.3
EPSS Score
0.11%
Published
2020-12-28
Updated
2021-07-21
An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.
Max CVSS
5.3
EPSS Score
0.08%
Published
2020-07-15
Updated
2020-07-15
An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials.
Max CVSS
5.3
EPSS Score
0.11%
Published
2020-07-15
Updated
2021-07-21
An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users.
Max CVSS
4.3
EPSS Score
0.05%
Published
2020-07-15
Updated
2020-07-15
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.
Max CVSS
5.3
EPSS Score
0.08%
Published
2020-04-21
Updated
2021-07-21
An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.
Max CVSS
5.3
EPSS Score
0.08%
Published
2020-04-21
Updated
2020-04-29
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.
Max CVSS
5.3
EPSS Score
0.08%
Published
2020-04-21
Updated
2021-07-21
An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.
Max CVSS
5.3
EPSS Score
0.08%
Published
2020-03-16
Updated
2020-03-19
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
Max CVSS
5.3
EPSS Score
0.15%
Published
2019-12-18
Updated
2019-12-19
An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.
Max CVSS
5.3
EPSS Score
0.09%
Published
2019-11-06
Updated
2019-11-06
In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-08-14
Updated
2020-08-24
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS.
Max CVSS
4.8
EPSS Score
0.18%
Published
2019-01-16
Updated
2019-02-26
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.
Max CVSS
5.4
EPSS Score
0.07%
Published
2019-01-16
Updated
2019-02-26
130 vulnerabilities found