What the vulnerability does
01Description
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
What the vulnerability does
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
Explanation of Vulnerability in Simple Terms
Joomla! CMS versions 4.0.0 through 5.4.5 contain an authentication bypass vulnerability. An attacker can bypass authentication mechanisms without valid credentials due to improper authentication validation. This allows unauthorized access to restricted functionality or data. Sites should update to a version newer than 5.4.5 as soon as possible.
What an attacker can do
Bypass authentication and gain unauthorized access to restricted Joomla! functionality without valid credentials.
Potential impact on your site
Attackers can access admin features, user data, or other protected areas without logging in, potentially compromising site integrity and confidentiality.
Conditions required to exploit
Network access to the Joomla! site; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities