Faizan Wani

#14004of 53,635
19.2Total CVSS
Vulnerabilities · 4
Medium
4
PT-2023-19175
6.3
2023-02-01
Joomla · Joomla! · CVE-2023-23750
**Name of the Vulnerable Software and Affected Versions** Joomla! versions 4.0.0 through 4.2.6 **Description** A missing token check causes a CSRF vulnerability in the handling of post-installation messages. This issue affects the handling of post-installation messages, potentially allowing for unauthorized actions. **Recommendations** For Joomla! versions 4.0.0 through 4.2.6, update to a version that includes the fix for the missing token check to prevent CSRF vulnerabilities in post-installation message handling. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-19176
4.3
2023-02-01
Joomla · Joomla! · CVE-2023-23751
**Name of the Vulnerable Software and Affected Versions** Joomla! versions 4.0.0 through 4.2.4 **Description** An issue was discovered that allows non super-admin users to access com actionlogs due to a missing ACL check. **Recommendations** For Joomla! versions 4.0.0 through 4.2.4, consider restricting access to com actionlogs until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-9386
4.3
2022-05-16
Crafter · Crafter Cms · CVE-2021-23265
**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A logged-in and authenticated user with a Reviewer Role may lock a content item. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-9387
4.3
2022-05-16
Crafter · Crafter Cms · CVE-2021-23266
**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.