Joomla - Improper Access Execution (CVE-2023-23752)
- CVSSv3 Score
- Vulnerability description
Joomla is vulnerable to CVE-2023-23752, an Improper Access Execution vulnerability in the /api/v1/config/application?public=true endpoint of the Joomla server. The public parameter of the vulnerable endpoint allows an attacker to access Joomla-related configuration information, which eventually leads to the disclosure of sensitive information such as the database username and password.
- Risk description
The risk exists that a remote unauthenticated attacker could exploit this vulnerability to read sensitive information from arbitrary files located on the file system of the server.
- Exploit capabilities
Sniper can extract custom artefacts as evidence from the target system.
Upgrade Joomla to the latest version.
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Vuln date
- Feb 2023
- Published at
- Updated at
- Software Type
- Open Source Matters
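
For defenders checking whether the endpoint named in the vulnerability description has already been requested on their server, the following is an added example (not part of the original advisory or of Joomla) that scans web access logs for requests to it carrying the public parameter. The combined log format, the optional index.php path segment for sites without URL rewriting, the function name find_probes and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [14/Feb/2023:10:01:02 +0000] "GET /api/v1/config/application?public=true HTTP/1.1" 200 1873 "-" "curl/7.88"
203.0.113.7 - - [14/Feb/2023:10:01:05 +0000] "GET /api/index.php/v1/config/application?public=TRUE HTTP/1.1" 401 64 "-" "curl/7.88"
198.51.100.4 - - [14/Feb/2023:10:02:11 +0000] "GET /api/v1/config/application HTTP/1.1" 401 64 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Feb/2023:10:03:40 +0000] "GET /api/v1/config/application?%70ublic=true HTTP/1.1" 200 1873 "-" "python-requests/2.28"
192.0.2.15 - - [14/Feb/2023:10:04:00 +0000] "GET /index.php?public=true HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# client IP, timestamp, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Endpoint from the advisory; the optional index.php segment is an assumption
# covering sites that do not use URL rewriting.
PATH_RE = re.compile(r'^/api/(?:index\.php/)?v1/config/application/?$')


def find_probes(log_text):
    """Return one record per request to the config endpoint that sets 'public'."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, _method, target, status = m.groups()
        url = urlsplit(target)
        # Decode the path so percent-encoded variants are compared in clear form.
        if not PATH_RE.match(unquote(url.path)):
            continue
        # parse_qs decodes parameter names, so "%70ublic" becomes "public".
        params = {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
        if "public" not in params:
            continue
        # Heuristic: a 200 means the server answered the request instead of
        # refusing it, so that entry deserves a credential-rotation review.
        hits.append({"ip": ip, "time": ts, "target": target,
                     "served": status == "200"})
    return hits


if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

Any record with served set to True on a version that predates the fix is a reason to treat the database credentials in the Joomla configuration as exposed and rotate them.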