CVE-2023-23752: Joomla! Developer Network
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Security Announcements
[20230201] - Core - Improper access check in webservice endpoints
- Project: Joomla!
- SubProject: CMS
- Impact: Critical
- Severity: High
- Probability: High
- Versions: 4.0.0-4.2.7
- Exploit type: Incorrect Access Control
- Reported Date: 2023-02-13
- Fixed Date: 2023-02-16
- CVE Number: CVE-2023-23752
Description
An improper access check allows unauthorized access to webservice endpoints.
Affected Installs
Joomla! CMS versions 4.0.0-4.2.7
Solution
Upgrade to version 4.2.8
Contact
The JSST at the Joomla! Security Centre.
Reported By: Zewei Zhang from NSFOCUS TIANJI Lab
Related news
A vulnerability in the popular Joomla! CMS has been added to CISA's known exploited vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution.
New Hacker Group GambleForce Hacks Targets with Open Source Tools (HackRead.com, by Waqas): Yet another day, yet another threat actor posing a danger to the cybersecurity of companies globally.
A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least September 2023. "GambleForce uses a set of basic yet very effective techniques, including SQL injections and the exploitation of vulnerable website content management systems (CMS) to steal sensitive
Joomla! versions prior to 4.2.8 suffer from an unauthenticated information disclosure vulnerability.