An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes.

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.2.0. It is, therefore, affected by multiple full path disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes done in 4.2.0.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.2.0 prior to 4.2.1. It is, therefore, affected by a vulnerability.

  - An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die     check' caused by the PSR12 changes. (CVE-2022-27911)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
113368	Joomla! 4.2.0 Multiple Full Path Disclosures	Web App Scanning	Component Vulnerability	medium
164533	Joomla 4.2.0 < 4.2.1 Joomla 4.2.1 Security and Bug Fix Release (5866-joomla-4-2-1-release)	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2022-27911

medium

Tenable Plugins

medium

medium