Unauthorized Access to Webservice Endpoints in Joomla 4.0.0 through 4.2.7
CVE-2023-23752
Key Information:
- Vendor
Joomla
- Status
- Vendor
- CVE Published:
- 16 February 2023
Badges
What is CVE-2023-23752?
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
CISA has reported CVE-2023-23752
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-23752 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Joomla! CMS 4.0.0-4.2.7
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
MalwarebytesCVE-2023-23752Joomla! vulnerability is being actively exploited | Malwarebytes
A vulnerability in the popular Joomla! CMS has been added to CISA's known exploited vulnerabilities catalog.
References
EPSS Score
94% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 📰
First article discovered by Malwarebytes
- 👾
Exploit known to exist
- 🦅
CISA Reported
Vulnerability published
Vulnerability Reserved