2 matches found
CVE-2019-10946
An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of comusers lacks access checks, allowing calls from unauthenticated users...
CVE-2019-10946
Joomla! before 3.9.5 is affected by CVE-2019-10946 due to missing access checks on the refresh list of helpsites endpoint in com_users, allowing unauthenticated calls. Affected versions include 3.9.4 and earlier; remediation is to upgrade to Joomla! 3.9.5 (or later) where this is fixed.