Description

In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.

Remediation

References

CVE-2020-13760

Related Vulnerabilities

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.1.22)

WordPress Plugin CoolClock-a Javascript Analog Clock Cross-Site Scripting (4.3.4)

OpenSSL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2015-1791)

WordPress Plugin Breezing Forms Cross-Site Scripting (1.2.7.33)

WordPress Plugin Custom css-js-php Cross-Site Request Forgery (2.0.7)

Severity

High

Classification

CVE-2020-13760 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities