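I. CVE-2023-23752 Basic Information
Vulnerability information
# [20230201] - Core - Improper access check in webservice endpoints

## Vulnerability overview
Joomla! 4.0.0 through 4.2.7 contains an access control issue that allows unauthorized users to access webservice endpoints.

## Affected versions
- Joomla! 4.0.0 through 4.2.7

## Details
Because the access control check is insufficient, an attacker can exploit this vulnerability to access webservice endpoints even without the appropriate permissions.

## Impact
The vulnerability may lead to disclosure of sensitive information or execution of unauthorized operations, affecting the security and stability of the system.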
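Vulnerability title
[20230201] - Core - Improper access check in webservice endpoints
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Source: U.S. National Vulnerability Database (NVD)
CVSS information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability type
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
Joomla security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Joomla is an open-source, cross-platform content management system (CMS) developed in PHP and MySQL by the Open Source Matters team in the United States. Joomla versions 4.0.0 through 4.2.7 contain a security vulnerability that stems from an improper access check and allows unauthorized access to web service endpoints.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability type
Other
Source: China National Vulnerability Database of Information Security (CNNVD)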
II. Public PoCs for CVE-2023-23752
| # | PoC description | Source link |
|---|---|---|
| 1 | Joomla! unauthorized access vulnerability | https://github.com/YusinoMy/CVE-2023-23752 |
| 2 | CVE-2023-23752 nuclei template | https://github.com/Saboor-Hakimi/CVE-2023-23752 |
| 3 | PoC for CVE-2023-23752 (joomla CMS) | https://github.com/WhiteOwl-Pub/CVE-2023-23752 |
| 4 | Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | https://github.com/Vulnmachines/joomla_CVE-2023-23752 |
| 5 | CVE-2023-23752 poc | https://github.com/wangking1/CVE-2023-23752-poc |
| 6 | Unauthorized access vulnerability | https://github.com/ibaiw/joomla_CVE-2023-23752 |
| 7 | CVE-2023-23752 Joomla unauthorized access vulnerability poc | https://github.com/ifacker/CVE-2023-23752-Joomla |
| 8 | simple program for joomla CVE-2023-23752 scanner for pentesting and educational purpose | https://github.com/z3n70/CVE-2023-23752 |
| 9 | Joomla unauthorized access vulnerability CVE-2023-23752 | https://github.com/keyuan15/CVE-2023-23752 |
| 10 | None | https://github.com/adriyansyah-mf/CVE-2023-23752 |
| 11 | Mass Checker CVE-2023-23752 | https://github.com/haxor1337x/Mass-Checker-CVE-2023-23752 |
| 12 | Open source, highly concurrent Go batch-detection poc, high accuracy | https://github.com/GhostToKnow/CVE-2023-23752 |
| 13 | Bulk scanner + get config from CVE-2023-23752 | https://github.com/gibran-abdillah/CVE-2023-23752 |
| 14 | An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | https://github.com/H454NSec/CVE-2023-23752 |
| 15 | python 2.7 | https://github.com/Jenderal92/Joomla-CVE-2023-23752 |
| 16 | Joomla! < 4.2.8 - Unauthenticated information disclosure | https://github.com/Acceis/exploit-CVE-2023-23752 |
| 17 | Joomla Unauthorized Access Vulnerability (CVE-2023-23752) Dockerized | https://github.com/karthikuj/CVE-2023-23752-Docker |
| 18 | None | https://github.com/0xNahim/CVE-2023-23752 |
| 19 | Poc for CVE-2023-23752 | https://github.com/adhikara13/CVE-2023-23752 |
| 20 | CVE-2023-23752 | https://github.com/AkbarWiraN/Joomla-Scanner |
| 21 | Perform With Mass Exploiter In Joomla 4.2.8. | https://github.com/ThatNotEasy/CVE-2023-23752 |
| 22 | None | https://github.com/wibuheker/Joomla-CVE-2023-23752 |
| 23 | Joomla unauthorized access vulnerability | https://github.com/Sweelg/CVE-2023-23752 |
| 24 | simple program for joomla scanner CVE-2023-23752 with target list | https://github.com/MrP4nda1337/CVE-2023-23752 |
| 25 | Mass CVE-2023-23752 scanner | https://github.com/k0valskia/CVE-2023-23752 |
| 26 | None | https://github.com/yTxZx/CVE-2023-23752 |
| 27 | Joomla Unauthenticated Information Disclosure (CVE-2023-23752) exploit | https://github.com/AlissoftCodes/CVE-2023-23752 |
| 28 | Exploit for CVE-2023-23752 (4.0.0 <= Joomla <= 4.2.7). | https://github.com/Pushkarup/CVE-2023-23752 |
| 29 | Joomla Unauthorized Access Vulnerability | https://github.com/cybernetwiz/CVE-2023-23752 |
| 30 | CVE-2023-23752 | https://github.com/Youns92/Joomla-v4.2.8---CVE-2023-23752 |
| 31 | Joomla CVE-2023-23752 Exploit Script | https://github.com/Ly0kha/Joomla-CVE-2023-23752-Exploit-Script |
| 32 | Joomla! unauthorized access vulnerability | https://github.com/yusinomy/CVE-2023-23752 |
| 33 | None | https://github.com/r3dston3/CVE-2023-23752 |
| 34 | None | https://github.com/svaltheim/CVE-2023-23752 |
| 35 | This Python implementation serves an educational purpose by demonstrating the exploitation of CVE-2023-23752. The code provides insight into the vulnerability's exploitation. | https://github.com/Fernando-olv/Joomla-CVE-2023-23752 |
| 36 | A PoC exploit for CVE-2023-23752 - Joomla Improper Access Check in Versions 4.0.0 through 4.2.7 | https://github.com/K3ysTr0K3R/CVE-2023-23752-EXPLOIT |
| 37 | PoC for CVE-2023-23752 (joomla CMS) | https://github.com/WhiteOwl-Pub/Joomla-PoC-CVE-2023-23752 |
| 38 | None | https://github.com/hadrian3689/CVE-2023-23752_Joomla |
| 39 | CVE-2023-23752 Joomla Unauthenticated Information Disclosure | https://github.com/C1ph3rX13/CVE-2023-23752 |
| 40 | Mass CVE-2023-23752 scanner | https://github.com/lainonz/CVE-2023-23752 |
| 41 | An access control flaw was identified, potentially leading to unauthorized access to critical webservice endpoints within Joomla! CMS versions 4.0.0 through 4.2.7. This vulnerability could be exploited by attackers to gain unauthorized access to sensitive information or perform unauthorized actions. | https://github.com/JeneralMotors/CVE-2023-23752 |
| 42 | Binaries for "CVE-2023-23752" | https://github.com/gunzf0x/CVE-2023-23752 |
| 43 | Mass Scanner for CVE-2023-23752 | https://github.com/TindalyTn/CVE-2023-23752 |
| 44 | Poc for CVE-2023-23752 (joomla CMS) | https://github.com/sw0rd1ight/CVE-2023-23752 |
| 45 | Joomla Information disclosure exploit code written in C++. | https://github.com/shellvik/CVE-2023-23752 |
| 46 | None | https://github.com/Ge-Per/Scanner-CVE-2023-23752 |
| 47 | Joomla! < 4.2.8 - Unauthenticated information disclosure exploit | https://github.com/Rival420/CVE-2023-23752 |
| 48 | CVE-2023-23752 Data Extractor | https://github.com/JohnDoeAnonITA/CVE-2023-23752 |
| 49 | None | https://github.com/0xWhoami35/CVE-2023-23752 |
| 50 | Joomla! < 4.2.8 - Unauthenticated information disclosure | https://github.com/mariovata/CVE-2023-23752-Python |
| 51 | Joomla Unauthenticated Information Disclosure (CVE-2023-23752) exploit | https://github.com/AlissonFaoli/CVE-2023-23752 |
| 52 | A simple bash script to exploit Joomla! < 4.2.8 - Unauthenticated information disclosure | https://github.com/0xx01/CVE-2023-23752 |
| 53 | Joomla! v4.2.8 - Unauthenticated information disclosure | https://github.com/c0d3cr4f73r/CVE-2023-23752 |
| 54 | None | https://github.com/mil4ne/CVE-2023-23752-Joomla-v4.2.8 |
| 55 | Joomla Unauthorized Access Vulnerability | https://github.com/blacks1ph0n/CVE-2023-23752 |
| 56 | Joomla! v4.2.8 - Unauthenticated information disclosure | https://github.com/Sp3c73rSh4d0w/CVE-2023-23752 |
| 57 | Joomla! v4.2.8 - Unauthenticated information disclosure | https://github.com/0xwh1pl4sh/CVE-2023-23752 |
| 58 | Joomla! v4.2.8 - Unauthenticated information disclosure | https://github.com/N3rdyN3xus/CVE-2023-23752 |
| 59 | A bash automation that exploits the vulnerable endpoints for the Joomla! API 4.0 - 4.2.7 | https://github.com/Aureum01/CVE-2023-23752 |
| 60 | None | https://github.com/fullaw4ke/CVE-2023-23752-Joomla-v4.2.8 |
| 61 | Joomla! v4.2.8 - Unauthenticated information disclosure | https://github.com/NyxByt3/CVE-2023-23752 |
| 62 | Joomla! v4.2.8 - Unauthenticated information disclosure | https://github.com/h3xcr4ck3r/CVE-2023-23752 |
| 63 | Joomla! v4.2.8 - Unauthenticated information disclosure | https://github.com/n3rdh4x0r/CVE-2023-23752 |
| 64 | An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-23752.yaml |
| 65 | None | https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/Joomla%20application%20%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2023-23752.md |
| 66 | | https://github.com/vulhub/vulhub/blob/master/joomla/CVE-2023-23752/README.md |
III. Intelligence information for CVE-2023-23752