[20210101] - Core - com_modules exposes module names
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions:3.0.0 - 3.9.23 Exploit type: Incorrect Access Control Reported Date: 2020-07-07 Fixed Date: 2021-01-12 CVE Number: CVE-2021-23123 Description Lack of ACL checks in the orderPosition endpoint of com_modules leak names of unpublished and/or inaccessible modules. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.23 Solution Upgrade to version 3.9.24 Contact The JSST at the Joomla! Security Centre. Reported By: Phil Taylor
- Zugriffe: 347