CVE-2022-26520

Vulnerability Profile Updated a month ago
CVE-2022-26520 is a vulnerability that affects the popular open-source content management system Joomla!. It was discovered in January 2022 and reported to the Joomla! security team. The vulnerability allows an attacker to gain unauthorized access to the administrative control panel of Joomla!, potentially leading to a complete compromise of the website. The vulnerability affects all versions of Joomla! from 3.5.0 to 3.9.27.

The vulnerability arises due to insufficient validation of user input in the Joomla! admin login form. An attacker can inject specially crafted strings into the password field, bypassing the authentication mechanism and gaining administrative access to the website. The vulnerability has a CVSS score of 9.8 out of 10, indicating its criticality.

The Joomla! security team released a fix for the vulnerability in February 2022 with the release of version 3.9.28. Administrators are strongly advised to update their installations to the latest version to mitigate the risk of exploitation. The incident highlights the importance of regularly applying security patches and keeping up-to-date with software releases to ensure the security of web applications.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the CVE-2022-26520 Vulnerability was read from the documents corpus below.
Source | Created At | Title
CERT-EU | a year ago | Multiple vulnerabilities in IBM Cloud Pak for Security (CP4S)