What the vulnerability does
01Description
The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters.
CVSS base score
What the vulnerability does
The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters.
Explanation of Vulnerability in Simple Terms
Helix3 extension for Joomla contains an access control vulnerability that may allow unauthorized users to perform restricted actions. The exact attack vector and impact cannot be fully determined due to incomplete CVSS data. Site administrators should contact JoomShaper for clarification on affected versions and available patches.
What an attacker can do
Perform actions restricted to higher-privilege users, depending on the specific access control flaw.
Potential impact on your site
Unauthorized users may bypass intended access restrictions within the Helix3 extension.
Conditions required to exploit
Access to the Joomla site; specific privilege level and user interaction requirements unknown.
Key dates
External resources
Related vulnerabilities