What the vulnerability does
01Description
An improper access check allows unauthorized users to create custom fields via webservices endpoints.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H
What the vulnerability does
An improper access check allows unauthorized users to create custom fields via webservices endpoints.
Explanation of Vulnerability in Simple Terms
Joomla! CMS versions 4.0.0 through 5.4.6 contain an access control flaw that allows high-privileged users to modify site integrity and availability settings they should not have access to. The vulnerability requires an authenticated administrator account and does not expose confidential data. Site owners should update to a version newer than 5.4.6 when available.
What an attacker can do
A high-privileged user can modify site integrity and availability settings beyond their authorized scope.
Potential impact on your site
Unauthorized configuration changes by rogue admins could degrade site stability or modify critical settings.
Conditions required to exploit
Attacker must have high-level administrator privileges and network access to the Joomla admin panel.
Key dates
External resources
Related vulnerabilities