Home

Description

Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=com_jpprojects&view=projects&tmpl=component&format=json parameters to retrieve user IDs, names, and email addresses in JSON format.

PUBLISHED Reserved 2026-06-19 | Published 2026-06-19 | Updated 2026-06-22 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Exposure of Private Personal Information to an Unauthorized Actor

Product status

1.1.3.2
affected

Credits

Ihsan Sencan finder

References

www.exploit-db.com/exploits/46121 (ExploitDB-46121) exploit

joomboost.com/ (Official Product Homepage) product

extensions.joomla.org/...ject-a-task-management/joomproject/ (Product Reference) product

www.vulncheck.com/...nent-joomproject-information-disclosure (VulnCheck Advisory: Joomla! Component JoomProject 1.1.3.2 Information Disclosure) third-party-advisory

cve.org (CVE-2019-25762)

nvd.nist.gov (CVE-2019-25762)

Download JSON