Description

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.

Remediation

References

CVE-2021-26034

Related Vulnerabilities

PHP Out-of-bounds Read Vulnerability (CVE-2019-9021)

Internet Information Services Configuration Vulnerability (CVE-1999-0725)

WordPress Plugin CMS Tree Page View Multiple Vulnerabilities (1.4)

ownCloud Improper Authentication Vulnerability (CVE-2014-9043)

Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4464)

Severity

Medium

Classification

CVE-2021-26034 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities