PT-2022-16270 · Joomla · Joomla!

Loïc Le Métayer · Published 2022-03-30 · Updated 2025-04-03 · CVE-2022-23798

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Joomla! versions 2.5.0 through 3.10.6
Joomla! versions 4.0.0 through 4.1.0

Description

An issue was discovered in Joomla! where inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.

Recommendations

For Joomla! versions 2.5.0 through 3.10.6, update to a version outside of this range to resolve the issue.
For Joomla! versions 4.0.0 through 4.1.0, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting the use of URL redirects until a patch is available.

Fix

Open Redirect


Weakness Enumeration

Related Identifiers

BIT-JOOMLA-2022-23798
CVE-2022-23798

Affected Products

Joomla!