CVE-2023-40626Joomla ! vulnerability

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 91.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Joomla !Joomla! Project Joomla! CMS
Timeline
PublishedNov 29

Description

The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDjoomla/joomla_!1.6.03.10.14+2
CVEListV5joomla!_project/joomla!_cms1.6.0-4.4.0, 5.0.0+1

🔴Vulnerability Details

2
CVEList
[20231101] - Core - Exposure of environment variables2023-11-29
GHSA
GHSA-gphg-cqf2-p7v7: The language file parsing process could be manipulated to expose environment variables2023-11-29
CVE-2023-40626 — Joomla ! vulnerability | cvebase