CVE-2021-26034Cross-Site Request Forgery in Joomla !

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 99.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Joomla !Joomla! Project Joomla! CMS
Timeline
PublishedMay 26
Latest updateMay 24

Description

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDjoomla/joomla_!3.0.03.9.26
CVEListV5joomla!_project/joomla!_cms3.0.0-3.9.26

🔴Vulnerability Details

2
GHSA
GHSA-v774-fr36-5478: An issue was discovered in Joomla! 32022-05-24
CVEList
[20210503] - Core - CSRF in data download endpoints2021-05-26
CVE-2021-26034 — Cross-Site Request Forgery in Joomla ! | cvebase