CVE-2024-40749

High CVSS: 7.5

Improper Access Controls allows access to protected views.

Vendor

Product

CWE

Yayın Tarihi

2025-01-07 17:15:23

Güncelleme

2025-06-04 20:55:46

Source Identifier

security@joomla.org

KEV Date Added

CWE-284 Joomla\! HIGH Joomla 2025

https://developer.joomla.org/security-centre/956-20250103-core-read-acl-violation-in-multiple-core-views.html

Medium

CVE-2025-63082

Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.

Medium

CVE-2025-63083

Lack of output escaping leads to a XSS vector in the pagebreak plugin.

Critical

CVE-2025-25226

Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database packag…

High

CVE-2025-25227

Insufficient state checks lead to a vector that allows to bypass 2FA checks.

Medium

CVE-2024-40747

Various module chromes didn't properly process inputs, leading to XSS vectors.

High

CVE-2024-40748

Lack of output escaping in the id attribute of menu lists.