CVE Catalog

CVE-2019-25762

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile - higher than 35% of all known CVEs

Summary

The JoomProject component version 1.1.3.2 for Joomla! contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data. Attackers can send requests to index.php with specific parameters to retrieve user IDs, names, and email addresses in JSON format.

Risk Assessment

The disclosure of sensitive user data may lead to privacy violations and the use of this information in social engineering attacks. Organizations should be aware of the risks associated with unauthorized access to personal data.

Recommendation

It is recommended to update the JoomProject component to the latest version to mitigate this vulnerability. Additionally, it is advisable to restrict access to endpoints that may expose sensitive data.

Original NVD description (English source)

Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=com_jpprojects&view=projects&tmpl=component&format=json parameters to retrieve user IDs, names, and email addresses in JSON format.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS