Home
CRITICAL: 9.5 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:HDefault status
unaffected
4.10.14–6.0.37
affected
Default status
unaffected
3.2.12–5.1.0
affected
Default status
unaffected
6.0.0–7.1.0
affected
Default status
unaffected
5.1.7–6.1.0
affected
Default status
unaffected
2.2.0–3.1.0
affected
Default status
unaffected
1.0.0–2.1.0
affected
Description
The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction.
Problem types
CWE-284 Improper Access Control
Product status
4.10.14–6.0.37
3.2.12–5.1.0
6.0.0–7.1.0
5.1.7–6.1.0
2.2.0–3.1.0
1.0.0–2.1.0
Credits
p1r0x / ssd-disclosure.com
References
tassos.gr