- Project: Joomla!
- SubProject: CMS
- Impact: Low
- Severity: Low
- Versions: 3.0.0 - 3.9.26
- Exploit type: CSRF
- Reported Date: 2021-05-07
- Fixed Date: 2021-05-25
- CVE Number: CVE-2021-26034
Description
A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.
Affected Installs
Joomla! CMS versions 3.0.0 - 3.9.26
Solution
Upgrade to version 3.9.27
Contact
The JSST at the Joomla! Security Centre....
Read more https://developer.joomla.org/security-centre/854-20210503-core-csrf-in-data-download-endpoints.html