← volver
CVE-2019-25762

Joomla! Component JoomProject 1.1.3.2 Information Disclosure

CVSS 8.7 HIGHEPSS 0.4%CWE-359
Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=com_jpprojects&view=projects&tmpl=component&format=json parameters to retrieve user IDs, names, and email addresses in JSON format.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
Joomboost · JoomProject
PoCs públicas encontradas1
cve_referencewww.exploit-db.com/exploits/46121no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://joomboost.com/https://extensions.joomla.org/extensions/extension/clients-a-communities/project-a-task-management/joomproject/https://www.exploit-db.com/exploits/46121https://www.vulncheck.com/advisories/joomla-component-joomproject-information-disclosure