[20231101] - Core - Exposure of environment variables
CVE-2023-40626

7.5HIGH

Key Information:

Vendor: Joomla
Status: Joomla! Cms
Vendor: CVE Published:; 29 November 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The vulnerability arises from a flaw in the language file parsing process within Joomla's core components. This flaw allows malicious actors to manipulate the parsing process, which could potentially expose environment variables. These variables might contain sensitive data such as database credentials, API keys, or other crucial information that could be exploited to compromise the system further. Therefore, it's essential for Joomla administrators to address this issue promptly to safeguard their installations.

Affected Version(s)

Joomla! CMS 1.6.0-4.4.0

Joomla! CMS 5.0.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Joomla-3.10.12-languagehelper-hotfix
Created by TLWebdesign

References

https://developer.joomla.org/security-centre/919-20231101...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Nov 29, 2023
👾
Exploit known to exist
Nov 29, 2023
Vulnerability published
Nov 29, 2023
Vulnerability Reserved
Aug 17, 2023