
Joomla! vulnerability is being actively exploited

A vulnerability in the popular Joomla! CMS has been added to CISA’s known exploited vulnerabilities catalog.

Malwarebytes
Tags: #vulnerability #web #auth

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for the Joomla! Content Management System (CMS) to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by January 29, 2024 in order to protect their devices against active threats.

Joomla! is an open-source CMS that’s been around since 2005, and has been one of the most popular CMS platforms by market share for much of that time. Many companies, from small outfits to large enterprises, use a CMS in some form to manage their websites. There are lots of advantages to using a popular CMS, but if you do you need to keep an eye out for updates.

Take for example the vulnerability that has been added to the CISA catalog: CVE-2023-23752 was reported, and a fix was created in February 2023. But here we are, active exploitation is upon us.

The vulnerability allows a successful attacker to access an application programming interface (API) through which they can obtain Joomla-related configuration information. The attacker has to construct specially crafted requests, which can eventually lead to the disclosure of sensitive information.

The vulnerability is the result of an improper access check that allows unauthorized access to webservice endpoints that exist in Joomla! versions 4.0.0-4.2.7.

If the database is exposed publicly, the attacker can change the Joomla! Super User’s password, after which they can log in to the administrative web interface and modify a Joomla! template to include a web shell, or install a malicious plugin, giving themselves the ability to execute code remotely.

But even if the database is not exposed publicly, exploitation can be used to get the Joomla! user database (usernames, emails, assigned group). This could open up options for credential stuffing. Credential stuffing is a special type of password attack that exploits password reuse by using username and password combinations found on one service to log in to other, unrelated services.

Users are advised to upgrade their CMS to version 4.2.8 or later. The latest version (5.0.1 at the moment of writing) and upgrade packages can be downloaded here.
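Two checks a site operator would want from the description above, written here as an added example rather than anything from Malwarebytes or the Joomla! project: a version test against the affected range stated in the article (4.0.0 through 4.2.7, fixed in 4.2.8), and a scan of web server access logs for successful hits on sensitive web-services API resources. The log format is Apache/nginx combined, the `/api/` prefix and the resource names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Affected range as stated in the advisory on this page: 4.0.0 through 4.2.7, fixed in 4.2.8.
AFFECTED_MIN, FIRST_FIXED = (4, 0, 0), (4, 2, 8)

def parse_version(text):
    """'4.2.7' -> (4, 2, 7); tolerates a trailing qualifier such as '4.2.8-rc1'."""
    return tuple(int(p) for p in re.match(r"(\d+)\.(\d+)\.(\d+)", text).groups())

def is_affected(version):
    """True when the installed Joomla! version falls inside the vulnerable range."""
    return AFFECTED_MIN <= parse_version(version) < FIRST_FIXED

# Combined log format: ip ident user [timestamp] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def find_api_probes(log_text, api_prefix="/api/", sensitive=("config", "users")):
    """Return {client_ip: [paths]} for 2xx responses on web-services API paths that name a
    sensitive resource. api_prefix and the resource words are assumptions, not Joomla! facts."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m["path"].split("?", 1)[0]
        if not path.startswith(api_prefix) or not m["status"].startswith("2"):
            continue  # only successful responses on the API are interesting
        if any(word in path.lower() for word in sensitive):
            hits[m["ip"]].append(path)
    return dict(hits)

# Constructed sample traffic (not real log data); addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.5 - - [13/Jan/2024:10:02:11 +0000] "GET /index.php/blog HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Jan/2024:10:02:13 +0000] "GET /api/index.php/v1/config/site?page=1 HTTP/1.1" 200 842 "-" "python-requests/2.31"
203.0.113.7 - - [13/Jan/2024:10:02:14 +0000] "GET /api/index.php/v1/articles HTTP/1.1" 401 120 "-" "python-requests/2.31"
203.0.113.7 - - [13/Jan/2024:10:02:15 +0000] "GET /api/index.php/v1/users HTTP/1.1" 200 2210 "-" "python-requests/2.31"
"""

def scan_sample():
    """Run the log scan over the constructed sample and return the flagged clients."""
    return find_api_probes(SAMPLE_LOG)

if __name__ == "__main__":
    for ip, paths in scan_sample().items():
        print(f"{ip}: {len(paths)} sensitive API hit(s): {paths}")
```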

Secure your CMS

There are a few obvious and easy-to-remember rules to keep in mind if you want to use a CMS without compromising your security. They are as follows:

  • Choose a CMS that actively looks for and fixes security vulnerabilities.
  • If it has a mailing list for informing users about patches, join it.
  • Enable automatic updates if the CMS supports them.
  • Use the fewest number of plugins you can, and do your due diligence on the ones you use.
  • Keep track of the changes made to your site and its source code.
  • Secure accounts with two-factor authentication (2FA).
  • Give users the minimum access rights they need to do their job.
  • Limit file uploads to exclude code and executable files, and monitor them closely.
  • Use a Web Application Firewall (WAF).

If your CMS is hosted on your own servers, be aware of the dangers that this setup brings and keep it separated from other parts of your network.

We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using ThreatDown Vulnerability and Patch Management.

Related news

CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution.

New Hacker Group GambleForce Hacks Targets with Open Source Tools

By Waqas. Yet another day, yet another threat actor posing a danger to the cybersecurity of companies globally. This is a post from HackRead.com. Read the original post: New Hacker Group GambleForce Hacks Targets with Open Source Tools

New Hacker Group 'GambleForce' Targeting APAC Firms Using SQL Injection Attacks

A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least September 2023. "GambleForce uses a set of basic yet very effective techniques, including SQL injections and the exploitation of vulnerable website content management systems (CMS) to steal sensitive

Joomla! 4.2.7 Unauthenticated Information Disclosure

Joomla! versions prior to 4.2.8 suffer from an unauthenticated information disclosure vulnerability.

CVE-2023-23752: Joomla! Developer Network

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.