An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.

A broken access control allows unauthorized access to webservice endpoints allowing access to sensitive information such as database login information.

According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 4.2.8. It is, therefore, affected by a vulnerability.

  - An improper access check allows unauthorized access to webservice endpoints. (CVE-2023-23752)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
113584	Joomla! 4.0.0 < 4.2.8 Broken Access Control	Web App Scanning	Component Vulnerability	medium
171551	Joomla 4.0.x < 4.2.8 Joomla 4.2.8 Security Release (5878-joomla-4-2-8-security-release)	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2023-23752

medium

Tenable Plugins

medium

medium