CVE-2020-13760

Published: Jun 2, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.

Affected (12)

Products: Joomla: Joomla!

1 product

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Joomla Joomla!	From 3.7.1 to 3.9.19
Joomla Joomla!	Version 3.7.0
Joomla Joomla!	Version 3.7.0 alpha1
Joomla Joomla!	Version 3.7.0 alpha2
Joomla Joomla!	Version 3.7.0 beta1
Joomla Joomla!	Version 3.7.0 beta2
Joomla Joomla!	Version 3.7.0 beta3
Joomla Joomla!	Version 3.7.0 beta4
Joomla Joomla!	Version 3.7.0 rc1
Joomla Joomla!	Version 3.7.0 rc2
Joomla Joomla!	Version 3.7.0 rc3
Joomla Joomla!	Version 3.7.0 rc4

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://developer.joomla.org/security-centre/817-20200605-core-csrf-in-com-postinstall

Source: cve@mitre.org

Vendor Advisory

https://developer.joomla.org/security-centre/817-20200605-core-csrf-in-com-postinstall

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.