CVE-2019-10946

CVE-2019-10946

EPSS 1.1%

An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://developer.joomla.org/security-centre/778-20190402-core-helpsites-refresh-endpoint-callable-for-unauthenticated-users