CVE-2019-25762
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk35th percentile - higher than 35% of all known CVEs
Summary
The JoomProject component version 1.1.3.2 for Joomla! contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data. Attackers can send requests to index.php with specific parameters to retrieve user IDs, names, and email addresses in JSON format.
Risk Assessment
The disclosure of sensitive user data may lead to privacy violations and the use of this information in social engineering attacks. Organizations should be aware of the risks associated with unauthorized access to personal data.
Recommendation
It is recommended to update the JoomProject component to the latest version to mitigate this vulnerability. Additionally, it is advisable to restrict access to endpoints that may expose sensitive data.
Original NVD description (English source)
Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=com_jpprojects&view=projects&tmpl=component&format=json parameters to retrieve user IDs, names, and email addresses in JSON format.

