What the vulnerability does
01Description
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
What the vulnerability does
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers.
Explanation of Vulnerability in Simple Terms
Joomla! CMS versions 3.0.0 through 5.4.3 contain an access control flaw that allows attackers to bypass permission checks. An attacker with network access but no authentication can trigger the vulnerability to gain unauthorized access to restricted functionality or data. Site administrators should update to a version newer than 5.4.3 as soon as a patch is available.
What an attacker can do
Bypass access controls to reach restricted functionality or data without proper authorization.
Potential impact on your site
Unauthorized users may access restricted areas, user data, or administrative functions depending on the specific flaw.
Conditions required to exploit
Network access; no authentication required. Attacker interaction with the site is needed to trigger the flaw.
Key dates
External resources
Related vulnerabilities