Joomla! CMS releases patch for environment variable exposure flaw
Take action: The issue is not terrible, but it is unfortunate. Joomla has not published exploit details, but since it rates the exploit probability as low, the attacker needs to know the name of the environment variable beforehand in order to request it. It's wise to patch, but there is no need to rush.
The Joomla! Project has announced a security update that fixes an environment variable exposure flaw in the CMS. The vulnerability, tracked as CVE-2023-40626 (CVSS3 score 7.5), affects versions 1.6.0 through 4.4.0 and version 5.0.0.
The issue originates in a defect in how language files are parsed, which gives attackers a way to read critical environment variables. These variables typically hold sensitive information such as database credentials, authentication keys, and server configuration. If exploited, the vulnerability could lead to unauthorized access to your Joomla! installation, endangering both your website and its data.
To remedy this issue, update to the latest secured versions: Joomla 3.10.14-elts, 4.4.1, or 5.0.1.
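As a defender's follow-up to the remediation advice above, here is an added example (not Joomla project code) that flags hosts in a version inventory that still fall inside the advisory's affected range and below the fixed release for their branch. The sample inventory and hostnames are constructed, and treating pre-releases (rc, beta) of a fix version as unpatched is an assumption of this example.

```python
import re
from typing import Dict, List, Tuple

VersionKey = Tuple[int, int, int, int]  # (major, minor, patch, final?)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z0-9.]+))?$")
_PRERELEASE = ("alpha", "beta", "rc", "dev")

# Advisory figures: affected 1.6.0 through 4.4.0 and 5.0.0;
# fixed in 3.10.14-elts, 4.4.1 and 5.0.1. Last element 1 = final release.
FIRST_AFFECTED: VersionKey = (1, 6, 0, 1)
FIXED_BY_MAJOR: Dict[int, VersionKey] = {
    3: (3, 10, 14, 1),  # 3.10.14-elts
    4: (4, 4, 1, 1),
    5: (5, 0, 1, 1),
}


def parse_version(text: str) -> VersionKey:
    """'4.4.1-rc1' -> (4, 4, 1, 0); '3.10.14-elts' -> (3, 10, 14, 1). Pre-releases sort below the final."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Joomla version string: {text!r}")
    major, minor, patch, suffix = m.groups()
    # Assumption: an rc/beta of the fix version is still unpatched; 'elts' is not a pre-release.
    final = 0 if (suffix or "").lower().startswith(_PRERELEASE) else 1
    return (int(major), int(minor), int(patch), final)


def is_affected(text: str) -> bool:
    """True when the version is in the affected range and below its branch fix."""
    version = parse_version(text)
    if version < FIRST_AFFECTED or version[0] > 5:
        return False  # older than 1.6.0, or a major the advisory does not list
    fixed = FIXED_BY_MAJOR.get(version[0])
    if fixed is None:
        return True  # 1.6.x to 2.5.x: no fixed release on that branch, must upgrade
    return version < fixed


def affected_hosts(inventory: Dict[str, str]) -> List[str]:
    """Hostnames whose recorded Joomla version still needs the patch."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory; hostnames and versions are made up for this example.
SAMPLE_INVENTORY = {
    "www-01": "4.4.0", "www-02": "4.4.1", "legacy-cms": "3.10.12",
    "elts-cms": "3.10.14-elts", "staging": "5.0.0",
}

if __name__ == "__main__":
    print(affected_hosts(SAMPLE_INVENTORY))  # ['legacy-cms', 'staging', 'www-01']
```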