PT-2024-21720 · Unknown · Joomla! Cms
Shane Edwards · Published 2024-08-20 · Updated 2025-06-05
CVE-2024-27185
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Joomla CMS versions 3.10.16, 4.4.6, 5.1.2
Description
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors. This issue poses undisclosed risks via remote attack.
Recommendations
For Joomla CMS version 3.10.16, patch to the latest version ASAP.
For Joomla CMS version 4.4.6, patch to the latest version ASAP.
For Joomla CMS version 5.1.2, patch to the latest version ASAP.
As a temporary workaround, consider restricting the use of the pagination function until a patch is available.
Fix
HTTP Request/Response Smuggling
Affected Products
Joomla! Cms