Description
An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Comment Rating Cross-Site Scripting (1.5.3)
MySQL CVE-2016-5609 Vulnerability (CVE-2016-5609)
Piwigo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3790)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3747)