vulnerability

Joomla!: [20190402] - Core - Helpsites refresh endpoint callable for unauthenticated users (CVE-2019-10946)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Apr 10, 2019	Apr 12, 2019	Apr 15, 2019

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Apr 10, 2019

Added

Apr 12, 2019

Modified

Apr 15, 2019

Description

An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.

Solution

joomla-upgrade-3_9_5

References

CVE-2019-10946
https://attackerkb.com/topics/CVE-2019-10946
URL-http://developer.joomla.org/security-centre/778-20190402-core-helpsites-refresh-endpoint-callable-for-unauthenticated-users.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today