Application Details
Joomla! is a free and open-source content management system (CMS) for publishing web content. It is built on a model–view–controller web application framework that can be used independently of the CMS that allows developers to build powerful online applications.
Vulnerability
Joomla! CMS could allow a remote attacker to bypass security restrictions, caused by improper access control.
Identification
This API is used to obtain the most important configuration information of the website, including the account number and password of the database.
GET /api/index.php/v1/config/application?public=trueDetection
By turning this into a traffic file and matching rule, we are able to detect attempts by unauthenticated attackers to gain unauthorised access to webservice endpoints.
Coverage
Idappcom has created signature 8023574 along with a traffic file for this vulnerability.
References
Traffic IQ
If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional
Comments