CVE-2023-23752

CWE-284Improper Access Control11 documents11 sources
5.3
CVSS
MEDIUM
EPSS94.5%(100th)
CISA KEVPublic ExploitExploited in Wild
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDjoomla/joomla\!4.0.04.2.8
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
NVDMITRE

🔴Vulnerability Details

3
GHSA
Code execution in pandasai2024-01-22
CVEList
[20230201] - Core - Improper access check in webservice endpoints2023-02-16
VulnCheck
Joomla! Improper Access Control Vulnerability2023

💥Exploits & PoCs

2
Exploit-DB
Joomla! v4.2.8 - Unauthenticated information disclosure2023-04-08
Nuclei
Joomla! Webservice - Password Disclosure

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Joomla Improper Access Control to Webservice Endpoints (CVE-2023-23752)2024-05-28

📋Vendor Advisories

1
CISA
Joomla! Improper Access Control Vulnerability2024-01-08

🕵️Threat Intelligence

2
Bleepingcomputer
CISA warns agencies of fourth flaw used in Triangulation spyware attacks2024-01-09
Sentinelone
CVE-2023-23752: Joomla Authentication Bypass Vulnerability2023-04-10

📄Research Papers

1
CTF
Devvortex / README