PT-2023-7562 · Joomla · Joomla!

Published

2023-11-29

Updated

2025-04-03

CVE-2023-40626

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Joomla (affected versions not specified)

Description The issue is related to the language file parsing process, which could be manipulated to expose environment variables. These environment variables might contain sensitive information. The vulnerability is associated with a lack of protection for service data in the Joomla content management system, potentially allowing a remote attacker to access confidential data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Privilege Assignment

Improper Access Control

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266CWE-284CWE-200

Related Identifiers

BDU:2023-08617

BIT-JOOMLA-2023-40626

CVE-2023-40626

Affected Products

Joomla!

PT-2023-7562 · Joomla · Joomla!

CVE-2023-40626

Weakness Enumeration

Related Identifiers

Affected Products

References · 16