What the vulnerability does
01Description
Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
What the vulnerability does
Lack of CSRF token validation lead to a CSRF attack vector in the admin activation endpoint of com_users.
Explanation of Vulnerability in Simple Terms
Joomla! CMS versions 6.0.0 through 6.1.0 contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unauthorized actions on behalf of a high-privileged user. The vulnerability requires user interaction—the victim must visit a malicious page while logged in. An attacker can modify site settings or content if a high-privilege user is tricked into visiting their crafted link.
What an attacker can do
Perform unauthorized actions (modify settings or content) on behalf of a high-privilege user who visits a malicious page.
Potential impact on your site
A high-privilege user's session can be hijacked to make unwanted changes to your site without their knowledge.
Conditions required to exploit
High-privilege user account must exist; victim must visit attacker-controlled page while logged in to Joomla.
Key dates
External resources
Related vulnerabilities