Description

Certain Joomla! Core 4.x versions are vulnerable to an authentication bypass vulnerability that allows unauthenticated users to access sensitive information about Joomla! Installation. It affects Joomla versions 4.0.0 to 4.2.7, the patch was released in version 4.2.8.

Remediation

Upgrade to Joomla! version 4.2.8.

References

Core - Improper access check in webservice endpoints

CVE-2023-23752: Joomla Authentication Bypass Vulnerability

Related Vulnerabilities

WordPress Plugin Ultimate GDPR & CCPA Compliance Toolkit for WordPress Security Bypass (2.4)

WordPress Plugin Product Subtitle For WooCommerce Arbitrary File Disclosure (4.1)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.19)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions 'memberslist-csv.php' Information Disclosure (1.4.9)

WordPress Plugin Wp-ImageZoom 'file' Parameter Information Disclosure (1.0.3)

Severity

Medium

Classification

CVE-2023-23752 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Authentication Bypass