Description

Certain Joomla! Core 4.x versions are vulnerable to an authentication bypass vulnerability that allows unauthenticated users to access sensitive information about Joomla! Installation. It affects Joomla versions 4.0.0 to 4.2.7, the patch was released in version 4.2.8.

Remediation

Upgrade to Joomla! version 4.2.8.

References

Core - Improper access check in webservice endpoints

CVE-2023-23752: Joomla Authentication Bypass Vulnerability

Related Vulnerabilities

WordPress Plugin Slideshow Gallery LITE Multiple Vulnerabilities (1.5.1)

WordPress Plugin WP Easy full backup Information Disclosure (1.4)

PHP curl_exec() url is controlled by user

WordPress Plugin iThemes Security (formerly Better WP Security) Multiple Vulnerabilities (3.6.3)

SharePoint user enumeration

Severity

Medium

Classification

CVE-2023-23752 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Authentication Bypass