This readme file provides information about the Joomla Unauthorized Access Vulnerability CVE-2023–23752 and how to detect. This vulnerability allows an attacker to bypass the Joomla access control system and gain unauthorized access to the backend of a Joomla website. The exploit takes advantage of the vulnerability to achieve this goal.
- Joomla website (versions 4.0.0 and 4.2.7)
The Joomla Unauthorized Access Vulnerability (CVE-2023–23752) is a security vulnerability that allows an attacker to bypass the Joomla access control system and gain unauthorized access to the backend of a Joomla website. This vulnerability is caused by an insecure implementation of the access control system in Joomla.
There is a nuclei template provided as a proof of concept.
a request is made to the endpoint joomla/api/index.php/v1/config/application?public=True to check for the vulnerability