Joomla - Improper Access Execution (CVE-2023-23752)
- Severity
- CVSSv3 Score
- 5.3
- Vulnerability description
Joomla is vulnerable to CVE-2023-23752, an Improper Access Execution vulnerability in the /api/index.php/v1/config/application, /joomla/api/v1/config/application?public=true, /api/index.php/v1/config/application?public=true, and /api/v1/config/application?public=true endpoints of the Joomla server. The public parameter of the vulnerable endpoint allows an attacker to access Joomla-related configuration information, which eventually leads to the disclosure of sensitive information such as the database username and password.
- Risk description
The risk exists that a remote unauthenticated attacker could exploit this vulnerability to read sensitive information from arbitrary files located on the file system of the server.
- Exploit capabilities
Sniper can extract custom artefacts as evidence from the target system.
- Recommendation
Upgrade Joomla to the latest version.
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- Feb 2023
- Published at
- Updated at
- Software Type
- CMS
- Vendor
- Joomla
- Product
- Open Source Matters