CVE-2019-25762

Joomla! Component JoomProject 1.1.3.2 Information Disclosure

CVSS 8.7 HIGHEPSS 0.4%CWE-359

Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=com_jpprojects&view=projects&tmpl=component&format=json parameters to retrieve user IDs, names, and email addresses in JSON format.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Joomboost · JoomProject

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/46121unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://joomboost.com/https://extensions.joomla.org/extensions/extension/clients-a-communities/project-a-task-management/joomproject/https://www.exploit-db.com/exploits/46121 https://www.vulncheck.com/advisories/joomla-component-joomproject-information-disclosure