CVE-2023-39973

EUVD-2023-43666
Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
acymailingacymailing
6.7.0 ≤
𝑥
< 8.7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://extensions.joomla.org/extension/acymailing-starter/
https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/
https://extensions.joomla.org/extension/acymailing-starter/
https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/