CVE-2022-26520 is a vulnerability that affects the popular open-source content management system Joomla!. It was discovered in January 2022 and reported to the Joomla! security team. The vulnerability allows an attacker to gain unauthorized access to the administrative control panel of Joomla!, potentially leading to a complete compromise of the website. The vulnerability affects all versions of Joomla! from 3.5.0 to 3.9.27.
The vulnerability arises from insufficient validation of user input in the Joomla! admin login form. An attacker can inject specially crafted strings into the password field, bypassing the authentication mechanism and gaining administrative access to the website. The vulnerability has a CVSS score of 9.8 out of 10, indicating its criticality.
The Joomla! security team released a fix for the vulnerability in February 2022 with the release of version 3.9.28. Administrators are strongly advised to update their installations to the latest version to mitigate the risk of exploitation. The incident highlights the importance of regularly applying security patches and keeping up to date with software releases to ensure the security of web applications.