PT-2021-15378 · Joomla · Joomla!
Phil Taylor · Published 2021-01-12 · Updated 2025-04-03 · CVE-2021-23123
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Joomla! versions 3.0.0 through 3.9.23
Description
The issue is a lack of ACL checks in the orderPosition endpoint of com_modules, which can leak the names of unpublished and/or inaccessible modules.
Recommendations
For Joomla! versions 3.0.0 through 3.9.23, consider restricting access to the orderPosition endpoint of com_modules to minimize the risk of exploitation. As a temporary workaround, restrict the use of the com_modules component until a patch is available.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Joomla!