[20210503] - Core - CSRF in data download endpoints
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Low Severity: Low Versions: 3.0.0 - 3.9.26 Exploit type: CSRF Reported Date: 2021-05-07 Fixed Date: 2021-05-25 CVE Number: CVE-2021-26034 Description A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.26 Solution Upgrade to version 3.9.27 Contact The JSST at the Joomla! Security Centre. Reported By: Phil Taylor
- Zugriffe: 807