Auth bypass in Joomla Joomla\!

CVE-2010-1435

Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL i…

Vulnerability class: Broken Access Control

EPSS: 0.011 (61.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

  • Joomla Joomla\!
  • N/a Joomla — versions Joomla core from 1.5.0 up to and including 1.5.15

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2010-1435?
CVE-2010-1435 is a critical-severity vulnerability in Joomla Joomla\!, classified under Incorrect Authorization. CVSS score: 9.8/10. Published 2021-06-21.
How severe is CVE-2010-1435?
Critical severity. CVSS v3 base score is 9.8 out of 10.