BIT-JOOMLA-2024-40749 [20250103] - Core - Read ACL violation in multiple core views
Improper access controls allow access to protected views...
CVE-2024-40749 [20250103] - Core - Read ACL violation in multiple core views
Improper access controls allow access to protected views...
CVE-2024-40749
The CVE-2024-40749 entry concerns Joomla! core: an improper access control (ACL) read-violation that allows access to protected core views. The incident is described as affecting multiple core views via an ACL leakage, with a CVSS v3.1 base score of 7.5 (Network access, no user interaction requir...
[20250103] - Core - Read ACL violation in multiple core views
Joomla! CMS versions 3.9.0-3.10.19-elts, 4.0.0-4.4.9, 5.0.0-5.2.2...
CVE-2023-38759
Cross-Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
CVE-2023-38759
CVE-2023-38759 describes a Cross-Site Request Forgery (CSRF) vulnerability in the wger Project, Workout Manager version 2.2.0a3. The issue enables a remote attacker to gain privileges via the user-management features, affecting multiple components/files (e.g., gym.py, reset_user_password.html, ov...
[20201107] - Core - Write ACL violation in multiple core views
Lack of input validation while handling ACL rulesets can cause write ACL violations...