CVE-2010-1435
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
Joomla! Core es propenso a una vulnerabilidad de omisión de seguridad. La explotación de este problema puede permitir a unos atacantes llevar a cabo acciones que de otra manera estarían restringidas y posteriormente recuperar tokens de restablecimiento de contraseña de la base de datos mediante un vector de inyección SQL ya existente. Joomla! Core versiones 1.5.x que van desde la 1.5.0 hasta la 1.5.15 e incluyéndola son vulnerables
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-04-15 CVE Reserved
- 2021-06-21 CVE Published
- 2024-03-06 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.acunetix.com/vulnerabilities/web/joomla-core-1-5-x-security-bypass-1-5-0-1-5-15 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://developer.joomla.org/security-centre/308-20100423-core-password-reset-tokens.html | 2021-09-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Joomla Search vendor "Joomla" | Joomla\! Search vendor "Joomla" for product "Joomla\!" | >= 1.5.0 <= 1.5.15 Search vendor "Joomla" for product "Joomla\!" and version " >= 1.5.0 <= 1.5.15" | - |
Affected
| ||||||