CVE-2023-28732 : Missing access control in AnyMailing Joomla Plugin allows to list and access fil

Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin in versions below 8.3.0.

Published 2023-03-30 12:15:08

Updated 2023-04-06 17:29:20

Source Switzerland Government Common Vulnerability Program

View at NVD, CVE.org

Vulnerability category: Directory traversalInput validationInformation leak

Products affected by CVE-2023-28732

Acymailing » Acymailing » For Joomla!
Versions before (<) 8.3.0
cpe:2.3:a:acymailing:acymailing:*:*:*:*:*:joomla\!:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-28732

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 32 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-28732

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	3.9	2.5	Switzerland Government Common Vulnerability Program
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2023-28732

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: vulnerability@ncsc.ch (Secondary)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: vulnerability@ncsc.ch (Secondary)

References for CVE-2023-28732

https://www.bugbounty.ch/advisories/CVE-2023-28732

CVE-2023-28732 - Bug Bounty Switzerland
Third Party Advisory
https://github.com/acyba/acymailing/releases/tag/v8.3.0

Release v8.3.0 · acyba/acymailing · GitHub
Release Notes
https://www.acymailing.com/change-log/

Changelog - AcyMailing
Release Notes

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-28732

Products affected by CVE-2023-28732

Exploit prediction scoring system (EPSS) score for CVE-2023-28732

CVSS scores for CVE-2023-28732

CWE ids for CVE-2023-28732

References for CVE-2023-28732