CVE-2023-23752

Known exploited
Public exploit
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Max CVSS
5.3
EPSS Score
95.21%
Published
2023-02-16
Updated
2024-01-09
CISA KEV Added
2024-01-08
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.
Max CVSS
5.3
EPSS Score
0.13%
Published
2022-10-25
Updated
2023-12-02
An issue was discovered in Joomla! 4.2.0. Multiple full path disclosures because of missing '_JEXEC or die' checks caused by the PSR12 changes.
Max CVSS
5.3
EPSS Score
0.12%
Published
2022-08-31
Updated
2022-09-05
An issue was discovered in Joomla! 3.0.0 through 3.10.6 and 4.0.0 through 4.1.0. Uploading a file with a name of excessive length causes an error. The resulting error screen shows the path of the web application's source code.
Max CVSS
5.3
EPSS Score
0.12%
Published
2022-03-30
Updated
2022-04-05
An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly terminate existing user sessions when a user's password was changed or the user was blocked.
Max CVSS
5.3
EPSS Score
0.08%
Published
2021-07-07
Updated
2021-07-09
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
Max CVSS
5.3
EPSS Score
0.11%
Published
2021-04-14
Updated
2021-04-22
An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow the author field to be overwritten.
Max CVSS
5.3
EPSS Score
0.08%
Published
2021-03-04
Updated
2022-07-12
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting a specifically crafted zip package could write files outside of the intended path.
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-03-04
Updated
2021-03-10
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.
Max CVSS
5.3
EPSS Score
0.08%
Published
2021-03-04
Updated
2022-07-12
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The insecure rand() function was used in the process of generating the 2FA secret.
Max CVSS
5.3
EPSS Score
0.11%
Published
2021-03-04
Updated
2021-03-05
An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leaks names of unpublished and/or inaccessible modules.
Max CVSS
5.3
EPSS Score
0.09%
Published
2021-01-12
Updated
2021-01-19
An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.
Max CVSS
5.3
EPSS Score
0.11%
Published
2020-12-28
Updated
2021-07-21
An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.
Max CVSS
5.3
EPSS Score
0.08%
Published
2020-07-15
Updated
2020-07-15
An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials.
Max CVSS
5.3
EPSS Score
0.11%
Published
2020-07-15
Updated
2021-07-21
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.
Max CVSS
5.3
EPSS Score
0.08%
Published
2020-04-21
Updated
2021-07-21
An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.
Max CVSS
5.3
EPSS Score
0.08%
Published
2020-04-21
Updated
2020-04-29
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.
Max CVSS
5.3
EPSS Score
0.08%
Published
2020-04-21
Updated
2021-07-21
An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.
Max CVSS
5.3
EPSS Score
0.08%
Published
2020-03-16
Updated
2020-03-19
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
Max CVSS
5.3
EPSS Score
0.15%
Published
2019-12-18
Updated
2019-12-19
An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.
Max CVSS
5.3
EPSS Score
0.09%
Published
2019-11-06
Updated
2019-11-06
In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-08-14
Updated
2020-08-24
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.
Max CVSS
5.4
EPSS Score
0.07%
Published
2019-01-16
Updated
2019-02-26
An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack.
Max CVSS
5.4
EPSS Score
0.25%
Published
2018-08-29
Updated
2018-11-02
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.
Max CVSS
5.9
EPSS Score
0.45%
Published
2018-05-22
Updated
2018-06-22
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
Max CVSS
5.3
EPSS Score
0.14%
Published
2017-04-25
Updated
2017-05-03
72 vulnerabilities found