CVE-2023-39972

EUVD-2023-43665
Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing lists.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
acymailingacymailing
6.7.0 ≤
𝑥
< 8.7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://extensions.joomla.org/extension/acymailing-starter/
https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/
https://extensions.joomla.org/extension/acymailing-starter/
https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/