CVE-2023-23752

[20230201] - Core - Improper access check in webservice endpoints

CVSS 5.3 MEDIUM | EPSS 99.8% | KEV | CWE-284
In brief

Joomla versions 4.0.0 through 4.2.7 do not properly check permissions on their web service (API) endpoints, so unauthenticated users can reach endpoints that should require an API token. This exposes sensitive data: in practice the site configuration, including the database credentials, and the user list can be read by anyone able to reach the site's /api/ path.

Technical detail

An improper access control weakness (CWE-284) in the Joomla web service (API) endpoints lets a remote, unauthenticated attacker bypass the authorization check and read endpoints that should require an authenticated API user. Versions 4.0.0 through 4.2.7 are affected; the fix shipped in 4.2.8. Exploitation needs only network access to the site's /api/ path, with no credentials and no user interaction (AV:N/PR:N/UI:N); a single GET request is enough. The CVSS vector scores confidentiality only (C:L/I:N/A:N): the known impact is information disclosure, notably the database credentials from the application configuration and the user list. Mitigation is to upgrade to 4.2.8 or later; where that cannot be done immediately, restrict access to /api/ at the web server. Exploitation attempts show up in the web server access log as GET requests to /api/index.php/v1/config/application or /api/index.php/v1/users with public=true in the query string.

Summary generated and translated by AI from the official description.
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Public PoCs found: 47
- github.com/Acceis/exploit-CVE-2023-23752 (93)
- github.com/Ap0dexMe0/CVE-2023-23752 (34)
- github.com/z3n70/CVE-2023-23752 (17)
- github.com/K3ysTr0K3R/CVE-2023-23752-EXPLOIT (16)
- github.com/keyuan15/CVE-2023-23752 (12)
- github.com/gibran-abdillah/CVE-2023-23752 (7)
- github.com/adhikara13/CVE-2023-23752 (7)
- github.com/Youns92/Joomla-v4.2.8---CVE-2023-23752 (6)
- github.com/0xNahim/CVE-2023-23752 (5)
- github.com/karthikuj/CVE-2023-23752-Docker (4)
- github.com/Sweelg/CVE-2023-23752 (4)
- github.com/Fernando-olv/Joomla-CVE-2023-23752 (4)
- github.com/ifacker/CVE-2023-23752-Joomla (3)
- github.com/Vulnmachines/joomla_CVE-2023-23752 (3)
- github.com/Saboor-Hakimi/CVE-2023-23752 (3)
- github.com/blacks1ph0n/CVE-2023-23752 (2)
- github.com/GhostToKnow/CVE-2023-23752 (2)
- github.com/0xWhoami35/CVE-2023-23752 (2)
- github.com/yusinomy/CVE-2023-23752 (2)
- github.com/ibaiw/joomla_CVE-2023-23752 (2)
- github.com/AlissonFaoli/CVE-2023-23752 (1)
- github.com/JohnDoeAnonITA/CVE-2023-23752 (1)
- github.com/r3dston3/CVE-2023-23752 (1)
- github.com/wangking1/CVE-2023-23752-poc (1)
- github.com/Pushkarup/CVE-2023-23752 (1)
- github.com/h3x0v3rl0rd/CVE-2023-23752 (1)
- github.com/AkbarWiraN/Joomla-Scanner (1)
- github.com/shellvik/CVE-2023-23752 (0)
- github.com/gunzf0x/CVE-2023-23752 (0)
- github.com/sw0rd1ight/CVE-2023-23752 (0)
- github.com/adriyansyah-mf/CVE-2023-23752 (0)
- github.com/Jenderal92/Joomla-CVE-2023-23752 (0)
- github.com/Ge-Per/Scanner-CVE-2023-23752 (0)
- github.com/MrP4nda1337/CVE-2023-23752 (0)
- github.com/yTxZx/CVE-2023-23752 (0)
- github.com/Ly0kha/Joomla-CVE-2023-23752-Exploit-Script (0)
- github.com/svaltheim/CVE-2023-23752 (0)
- github.com/hadrian3689/CVE-2023-23752_Joomla (0)
- github.com/C1ph3rX13/CVE-2023-23752 (0)
- github.com/JeneralMotors/CVE-2023-23752 (0)
- github.com/Rival420/CVE-2023-23752 (0)
- github.com/mariovata/CVE-2023-23752-Python (0)
- github.com/0xx01/CVE-2023-23752 (0)
- github.com/Aureum01/CVE-2023-23752 (0)
- github.com/Marwan651/Joomla-CMS-Full-Lifecycle-Pentest (0)
- github.com/Sharma01672/traveller-htb (0)
- www.exploit-db.com/exploits/51334 (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
