• Project: Joomla!
  • SubProject: CMS
  • Impact: Critical
  • Severity: High
  • Probability: High
  • Versions: 4.0.0-4.2.7
  • Exploit type: Incorrect Access Control
  • Reported Date: 2023-02-13
  • Fixed Date: 2023-02-16
  • CVE Number: CVE-2023-23752

Description

An improper access check allows unauthorized access to webservice endpoints.

Affected Installs

Joomla! CMS versions 4.0.0-4.2.7

Solution

Upgrade to version 4.2.8

Contact

The JSST at the Joomla! Security Centre.

Reported By:  Zewei Zhang from NSFOCUS TIANJI Lab