CVE-2023-23752
[20230201] - Core - Improper access check in webservice endpoints
In short
Joomla versions 4.0.0 through 4.2.7 have a flaw that fails to properly check user permissions on webservice endpoints, allowing unauthorized people to access them. This can expose sensitive data or allow attackers to perform unintended actions.
Technical detail
An improper access control vulnerability in Joomla webservice endpoints (CWE-284) permits unauthenticated or low-privileged attackers to bypass authorization checks and access protected API endpoints. The vulnerability affects versions 4.0.0 through 4.2.7. Exploitation requires only network access to the webservice endpoints; in the affected cases no authentication is needed beforehand.
Summary generated and translated by AI from the official description.
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
Joomla! Project · Joomla! CMS
Public PoCs found — 47
github.com/Acceis/exploit-CVE-2023-23752 (★ 93)
github.com/Ap0dexMe0/CVE-2023-23752 (★ 34)
github.com/z3n70/CVE-2023-23752 (★ 17)
github.com/K3ysTr0K3R/CVE-2023-23752-EXPLOIT (★ 16)
github.com/keyuan15/CVE-2023-23752 (★ 12)
github.com/gibran-abdillah/CVE-2023-23752 (★ 7)
github.com/adhikara13/CVE-2023-23752 (★ 7)
github.com/Youns92/Joomla-v4.2.8---CVE-2023-23752 (★ 6)
github.com/0xNahim/CVE-2023-23752 (★ 5)
github.com/karthikuj/CVE-2023-23752-Docker (★ 4)
github.com/Sweelg/CVE-2023-23752 (★ 4)
github.com/Fernando-olv/Joomla-CVE-2023-23752 (★ 4)
github.com/ifacker/CVE-2023-23752-Joomla (★ 3)
github.com/Vulnmachines/joomla_CVE-2023-23752 (★ 3)
github.com/Saboor-Hakimi/CVE-2023-23752 (★ 3)
github.com/blacks1ph0n/CVE-2023-23752 (★ 2)
github.com/GhostToKnow/CVE-2023-23752 (★ 2)
github.com/0xWhoami35/CVE-2023-23752 (★ 2)
github.com/yusinomy/CVE-2023-23752 (★ 2)
github.com/ibaiw/joomla_CVE-2023-23752 (★ 2)
github.com/AlissonFaoli/CVE-2023-23752 (★ 1)
github.com/JohnDoeAnonITA/CVE-2023-23752 (★ 1)
github.com/r3dston3/CVE-2023-23752 (★ 1)
github.com/wangking1/CVE-2023-23752-poc (★ 1)
github.com/Pushkarup/CVE-2023-23752 (★ 1)
github.com/h3x0v3rl0rd/CVE-2023-23752 (★ 1)
github.com/AkbarWiraN/Joomla-Scanner (★ 1)
github.com/shellvik/CVE-2023-23752 (★ 0)
github.com/gunzf0x/CVE-2023-23752 (★ 0)
github.com/sw0rd1ight/CVE-2023-23752 (★ 0)
github.com/adriyansyah-mf/CVE-2023-23752 (★ 0)
github.com/Jenderal92/Joomla-CVE-2023-23752 (★ 0)
github.com/Ge-Per/Scanner-CVE-2023-23752 (★ 0)
github.com/MrP4nda1337/CVE-2023-23752 (★ 0)
github.com/yTxZx/CVE-2023-23752 (★ 0)
github.com/Ly0kha/Joomla-CVE-2023-23752-Exploit-Script (★ 0)
github.com/svaltheim/CVE-2023-23752 (★ 0)
github.com/hadrian3689/CVE-2023-23752_Joomla (★ 0)
github.com/C1ph3rX13/CVE-2023-23752 (★ 0)
github.com/JeneralMotors/CVE-2023-23752 (★ 0)
github.com/Rival420/CVE-2023-23752 (★ 0)
github.com/mariovata/CVE-2023-23752-Python (★ 0)
github.com/0xx01/CVE-2023-23752 (★ 0)
github.com/Aureum01/CVE-2023-23752 (★ 0)
github.com/Marwan651/Joomla-CMS-Full-Lifecycle-Pentest (★ 0)
github.com/Sharma01672/traveller-htb (★ 0)
exploit-db: www.exploit-db.com/exploits/51334 (unverified)
Public resources for assessing the exposure of systems you control or are authorized to test. Test only with authorization.