This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_112562Joomla! 2.5.x < 3.9.20 Multiple Vulnerabilities
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
0.001 Low
EPSS
Percentile
44.3%
According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.9.20. It is, therefore, affected by multiple vulnerabilities.
-
A missing token check in the ajax_install endpoint com_installer causes a CSRF vulnerability.
-
Missing validation checks at the usergroups table object can result into an broken site configuration. (CVE-2020-15699)
-
A missing token check in the remove request section of com_privacy causes a CSRF vulnerability. (CVE-2020-15695)
-
Internal read-only fields in the User table class could be modified by users. (CVE-2020-15697)
-
Lack of input filtering and escaping allows XSS attacks in mod_random_image (CVE-2020-15696)
-
Inadequate filtering in the system information screen could expose redis or proxy credentials (CVE-2020-15698)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source dataReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15695
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15696
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15697
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15698
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15699
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15700
developer.joomla.org/security-centre/818-20200701-core-csrf-in-com-installer-ajax-install-endpoint.html
developer.joomla.org/security-centre/819-20200702-core-missing-checks-can-lead-to-a-broken-usergroups-table-record.html
developer.joomla.org/security-centre/820-20200703-core-csrf-in-com-privacy-remove-request-feature.html
developer.joomla.org/security-centre/821-20200704-core-variable-tampering-via-user-table-class.html
developer.joomla.org/security-centre/822-20200705-core-escape-mod-random-image-link.html
developer.joomla.org/security-centre/823-20200706-core-system-information-screen-could-expose-redis-or-proxy-credentials.html
www.joomla.org/announcements/release-news/5814-joomla-3-9-20.html
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
0.001 Low
EPSS
Percentile
44.3%