CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.963 High
Percentile: 99.4%

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Recent assessments:
noraj at March 24, 2023 9:21am UTC reported:
There are at least two ways to achieve RCE.
It leaks the MySQL credentials. In default and most common configurations, MySQL will be exposed only on 127.0.0.1, which makes the attack ineffective. But if the database is exposed publicly, the attacker can change the Joomla! Super User's password. The attacker logs in to the administrative web interface and modifies a template to include a webshell or installs a malicious plugin.
It leaks the Joomla user database (usernames, emails, assigned group). The attacker can target a Super User and try brute force or credential stuffing, then follow the previously showcased paths to code execution.
Assessed Attacker Value: 4
Assessed Attacker Value: 3
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23752
developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html
github.com/Acceis/exploit-CVE-2023-23752
github.com/z3n70/CVE-2023-23752
nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/
vulncheck.com/blog/joomla-for-rce