CVE-2019-25762

Description

Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=com_jpprojects&view=projects&tmpl=component&format=json parameters to retrieve user IDs, names, and email addresses in JSON format.

References

• http://joomboost.com/
• https://extensions.joomla.org/extensions/extension/clients-a-communities/project-a-task-management/joomproject/
• https://www.exploit-db.com/exploits/46121
• https://www.vulncheck.com/advisories/joomla-component-joomproject-information-disclosure