What the vulnerability does
01Description
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
What the vulnerability does
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
Explanation of Vulnerability in Simple Terms
Joomla! CMS versions 4.0.0 through 5.4.5 contain an authentication bypass vulnerability. An attacker can bypass authentication mechanisms without valid credentials due to improper authentication validation. This allows unauthorized access to restricted functionality or data. Sites should update to a version newer than 5.4.5 as soon as possible.
What an attacker can do
Bypass authentication and gain unauthorized access to restricted areas or functionality.
Potential impact on your site
Unauthorized users can access admin functions, user data, or other protected resources without logging in.
Conditions required to exploit
Network access to the Joomla site; no valid credentials or user interaction required.
Key dates
External resources
Related vulnerabilities