vulnerability

Joomla!: [20190402] - Core - Helpsites refresh endpoint callable for unauthenticated users (CVE-2019-10946)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Apr 10, 2019	Apr 12, 2019	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Apr 10, 2019

Added

Apr 12, 2019

Modified

Mar 30, 2026

Description

An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.

Solution

joomla-upgrade-3_9_5

References

CVE-2019-10946
https://attackerkb.com/topics/CVE-2019-10946
CWE-306
EUVD-EUVD-2019-2660
http://developer.joomla.org/security-centre/778-20190402-core-helpsites-refresh-endpoint-callable-for-unauthenticated-users.html
https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-2660

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report