Joomla : Security Vulnerabilities (Bypass)

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Max Base Score
Published 2023-02-16
Updated 2023-02-24
EPSS 53.86%
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.
Max Base Score
Published 2022-03-30
Updated 2022-04-05
EPSS 0.19%
An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.
Max Base Score
Published 2019-03-12
Updated 2020-08-24
EPSS 0.27%
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
Max Base Score
Published 2017-11-10
Updated 2017-11-28
EPSS 1.24%
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task.
Max Base Score
Published 2016-12-16
Updated 2017-09-02
EPSS 1.15%
The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types.
Max Base Score
Published 2016-12-05
Updated 2016-12-07
EPSS 1.80%
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
Max Base Score
Published 2015-10-29
Updated 2015-10-30
EPSS 0.26%
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.
Max Base Score
Published 2014-10-08
Updated 2014-10-09
EPSS 1.00%
Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
Max Base Score
Published 2021-06-21
Updated 2021-06-25
EPSS 0.22%
9 vulnerabilities found
This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to terms of use!