What the vulnerability does
01Description
An improper access check allows unauthorized access to webservice endpoints.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
What the vulnerability does
An improper access check allows unauthorized access to webservice endpoints.
Explanation of Vulnerability in Simple Terms
Joomla! CMS versions 4.0.0 through 5.4.3 contain an access control flaw that allows high-privilege users to perform unauthorized actions. An attacker with administrative credentials can bypass intended restrictions to read or modify sensitive data. The vulnerability requires valid admin-level access and does not affect confidentiality, integrity, or availability of the broader system.
What an attacker can do
A high-privilege user can bypass access restrictions to read or modify data they should not access.
Potential impact on your site
Admins with compromised credentials can access restricted data; review admin account activity and audit access logs.
Conditions required to exploit
Attacker must have valid Joomla administrator credentials.
Key dates
External resources
Related vulnerabilities