
CVE-2023-23752

Joomla! Improper Access Control Vulnerability

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

45
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

Act
*SSVC
Descriptions

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.

Joomla! versions prior to 4.2.8 suffer from an unauthenticated information disclosure vulnerability.

Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints.

*Credits: Zewei Zhang from NSFOCUS TIANJI Lab
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: Act
  • Exploitation: Active
  • Automatable: Yes
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-01-17 CVE Reserved
  • 2023-02-16 CVE Published
  • 2023-02-18 First Exploit
  • 2024-01-08 Exploited in Wild
  • 2024-01-29 KEV Due Date
  • 2024-08-04 CVE Updated
  • 2024-11-05 EPSS Updated
CWE
  • CWE-284: Improper Access Control
CAPEC
Affected Vendors, Products, and Versions
Vendor: Joomla
Product: Joomla!
Version: >= 4.0.0 <= 4.2.7
Other: -
Status: Affected