HomePentest-Tools.com Logo

Joomla - Improper Access Execution (CVE-2023-23752)

Severity
CVSSv3 Score
5.3
Vulnerability description

Joomla is vulnerable to CVE-2023-23752, an Improper Access Execution vulnerability in the /api/index.php/v1/config/application, /joomla/api/v1/config/application?public=true, /api/index.php/v1/config/application?public=true, /api/v1/config/application?public=true endpoints of the Joomla server. The public parameter of the vulnerable endpoint allows an attacker to access the Joomla-related configuration information which eventually leads to the disclosure of sensitive information such as database username and password.

Risk description

The risk exists that a remote unauthenticated attacker could exploit this vulnerability to read sensitive information from arbitrary files located on the file system of the server.

Exploit capabilities

Sniper can extract custom artefacts as evidence from the target system.

Recommendation

Upgrade the Joomla to the latest version.

Codename
Not available
Detectable with
Network Scanner
Exploitable with Sniper
Yes
Vuln date
Feb 2023
Published at
Updated at
Software Type
CMS
Vendor
Joomla
Product
Open Source Matters