CVE-2023-23750Cross-Site Request Forgery in Joomla !

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
6.3MEDIUMNVD
EPSS
0.0%
top 99.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Joomla !Joomla! Project Joomla! CMS
Timeline
PublishedFeb 1
Latest updateFeb 2

Description

An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

NVDjoomla/joomla_!4.0.04.2.6
CVEListV5joomla!_project/joomla!_cms4.0.0-4.2.6

🔴Vulnerability Details

2
GHSA
GHSA-xr3c-3fp9-4fcp: An issue was discovered in Joomla! 42023-02-02
CVEList
[20230101] - Core - CSRF within post-installation messages2023-02-01
CVE-2023-23750 — Cross-Site Request Forgery in Joomla ! | cvebase