Joomla

Joomla Unauthorized Access Vulnerability (CVE-2023-23752) Notice

February 24, 2023

Overview

Recently, Joomla officially released a security update notice to fix a Joomla unauthorized access vulnerability (CVE-2023-23752), which was submitted by a researcher at NSFOCUS Tianji Lab. Due to flaws in Joomla’s access control for Web service endpoints, unauthenticated attackers can access the RestAPI interface and obtain Joomla-related configuration information by sending specially crafted requests, which […]

Joomla! Content Management System Remote Code Execution Vulnerability Threat Alert

October 22, 2019

Overview

Recently, security researcher Alessandro Groppo published a blog post about a remote code execution vulnerability in early versions of the content management system Joomla!. The vulnerability is a remote code execution flaw caused by PHP object injection, discovered by researchers in Joomla! CMS 3.0.0 to 3.4.6 (released from September 2012 to December 2015). A proof of concept (PoC) for the vulnerability has been released.
