The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information.

According to its self-reported version, the instance of Joomla! running on the remote web server is 1.6.x prior to 4.4.1 or 5.x prior to 5.0.1. It is, therefore, affected by an information disclosure vulnerability. The language file parsing process could be manipulated to expose environment variables.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the instance of Joomla! running on the remote web server is 5.0.0 prior to 5.0.1 or 1.6.x prior to 4.4.1. It is, therefore, affected by a vulnerability.

  - The language file parsing process could be manipulated to expose environment variables. Environment     variables might contain sensible information. (CVE-2023-40626)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
114140	Joomla! 1.6.x < 4.4.1 Information Disclosure	Web App Scanning	Component Vulnerability	high
114139	Joomla! 5.x < 5.0.1 Information Disclosure	Web App Scanning	Component Vulnerability	high
186902	Joomla 5.0.0 < 5.0.1 / 1.6.x < 4.4.1 Joomla 5.0.1 and 4.4.1 Security and Bug Fix Release (5901-joomla-5-0-1-and-4-4-1-security-and-bug-fix-release)	Nessus	CGI abuses	high

Detections

Analytics

CVE-2023-40626

high

Tenable Plugins

high

high

high