Home
MEDIUM: 6.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:HDefault status
unaffected
4.0.0-5.4.6
affected
6.0.0-6.1.1
affected
Description
An improper access check allows unauthorized users to create custom fields via webservices endpoints.
Problem types
CWE-284 Improper Access Control
Product status
4.0.0-5.4.6
6.0.0-6.1.1
Credits
Federico Brasili, https://www.linkedin.com/in/federico-brasili-00b4b7332/
References
developer.joomla.org/...com-fields-webservice-endpoints.html