CVE-2022-27909 Extension - Incorrect Access Control within jdownloads extension

2022-05-0600:00:00

Joomla

www.cve.org

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.3%

JSON

In Joomla component ‘jDownloads 3.9.8.2 Stable’ the remote user can change some parameters in the address bar and see the names of other users’ files

CNA Affected

[
  {
    "product": "jDownloads",
    "vendor": "jDownloads",
    "versions": [
      {
        "status": "affected",
        "version": "<=3.9.8.2"
      }
    ]
  }
]

References

hackerhood.redhotcyber.com/cve-2022-27909-jdownloads/

www.jdownloads.com/index.php/downloads/download/57-jdownloads-3-9.html