CVE-2019-25762
HIGH
7.5
CVSS 3.1
Description
Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=com_jpprojects&view=projects&tmpl=component&format=json parameters to retrieve user IDs, names, and email addresses in JSON format.
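A defender-side check for the request pattern described above, as an added example that is not part of the original advisory or the vendor's code. It scans web server access log lines for requests carrying the option, view and format parameters named in the description; the combined log format, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter values named in the CVE description. tmpl=component is deliberately
# not required, so requests that omit it are still flagged.
REQUIRED = {"option": "com_jpprojects", "view": "projects", "format": "json"}

# Common/combined log format prefix: ip, timestamp, request line, status, size.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def matches_disclosure_request(target):
    """True if the request target carries the parameters from the description."""
    parts = urlsplit(target)
    # Assumption: "/" is served by index.php (directory index), so accept both.
    if not parts.path.lower().endswith(("index.php", "/")):
        return False
    query = parse_qs(parts.query)  # also percent-decodes names and values
    # PHP keeps the last value of a repeated parameter, so compare that one,
    # case-insensitively so that case variants are not missed.
    return all(query.get(k, [""])[-1].lower() == v for k, v in REQUIRED.items())

def scan(lines):
    """Return one finding per log line that requested the JSON projects view."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and matches_disclosure_request(m["target"]):
            findings.append({"ip": m["ip"], "status": int(m["status"]),
                             "size": m["size"], "target": m["target"]})
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jan/2019:10:01:02 +0000] "GET /index.php?option=com_jpprojects&view=projects&tmpl=component&format=json HTTP/1.1" 200 5120 "-" "curl/7.61"',
    '198.51.100.7 - - [12/Jan/2019:10:02:00 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 8331 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Jan/2019:10:03:11 +0000] "GET /index.php?format=JSON&view=projects&option=com%5Fjpprojects HTTP/1.1" 403 199 "-" "curl/7.61"',
    '203.0.113.5 - - [12/Jan/2019:10:04:30 +0000] "GET /index.php?option=com_jpprojects&view=projects HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        served = "data likely returned" if f["status"] == 200 else "not served"
        print(f'{f["ip"]} {f["status"]} {f["size"]}B {served}: {f["target"]}')
```

The last sample line is not flagged because it requests the ordinary HTML view without format=json; a 200 response on a flagged line is the case to investigate first.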
Metadata
Severity & Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Joomboost | JoomProject | — | 1.1.3.2 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-359 | cna | Exposure of Private Personal Information to an Unauthorized Actor |
CVSS scores (2)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 8.7 | HIGH | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| 7.5 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (4)
- ExploitDB-46121 https://www.exploit-db.com/exploits/46121
- Official Product Homepage http://joomboost.com/
- Product Reference https://extensions.joomla.org/extensions/extension/clients-a-communities/project-a-task-management/joomproject/
- VulnCheck Advisory: Joomla! Component JoomProject 1.1.3.2 Information Disclosure https://www.vulncheck.com/advisories/joomla-component-joomproject-information-disclosure