- Description
- The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.
- Source
- security@joomla.org
- NVD status
- Analyzed
- Products
- joomla\!
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-524
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F29F0C8-03D1-4381-B42C-9D46ED87C6E8",
"versionEndExcluding": "5.4.6",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C5DA4D-FEC6-4EF3-A886-FBF7DDE2EC33",
"versionEndExcluding": "6.1.1",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]