8.8

CVE-2020-13760

In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JoomlaJoomla! Version >= 3.7.1 < 3.9.19
JoomlaJoomla! Version3.7.0 Update-
JoomlaJoomla! Version3.7.0 Updatealpha1
JoomlaJoomla! Version3.7.0 Updatealpha2
JoomlaJoomla! Version3.7.0 Updatebeta1
JoomlaJoomla! Version3.7.0 Updatebeta2
JoomlaJoomla! Version3.7.0 Updatebeta3
JoomlaJoomla! Version3.7.0 Updatebeta4
JoomlaJoomla! Version3.7.0 Updaterc1
JoomlaJoomla! Version3.7.0 Updaterc2
JoomlaJoomla! Version3.7.0 Updaterc3
JoomlaJoomla! Version3.7.0 Updaterc4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.01% 0.003
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.