PT-2022-16267 · Joomla · Joomla!

Phil Taylor

Published

2022-03-30

Updated

2025-04-03

CVE-2022-23795

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Joomla! versions 2.5.0 through 3.10.6 Joomla! versions 4.0.0 through 4.1.0

Description An issue was discovered where a user row was not bound to a specific authentication mechanism, which could under very special circumstances allow an account takeover.

Recommendations For Joomla! versions 2.5.0 through 3.10.6, update to a version outside of this range to resolve the issue. For Joomla! versions 4.0.0 through 4.1.0, update to a version outside of this range to resolve the issue. As a temporary workaround, consider reviewing and restricting authentication mechanisms to minimize the risk of account takeover.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BIT-JOOMLA-2022-23795

CVE-2022-23795

Affected Products

Joomla!

PT-2022-16267 · Joomla · Joomla!

CVE-2022-23795

Weakness Enumeration

Related Identifiers

Affected Products

References · 5