This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_98936Joomla! 2.5.x < 3.9.14 Multiple Vulnerabilities
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
57.2%
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities :
-
A path disclosure exists in versions 3.8.0 to 3.9.13 due to a missing access check in framework files (CVE-2019-19845)
-
SQL injection vulnerabilities exist in versions 2.5.0 to 3.9.13 due to a lack of validation of configuration parameters (CVE-2019-19846)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source dataReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19845
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19846
developer.joomla.org/security-centre/796-20191201-core-path-disclosure-in-logger-class.html
developer.joomla.org/security-centre/797-20191202-core-various-sql-injections-through-configuration-parameters.html
www.joomla.org/announcements/release-news/5781-joomla-3-9-14.html
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
57.2%