CVE-2023-39973

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
JoomlaCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
acymailingacymailing
6.7.0 ≤
𝑥
< 8.7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://extensions.joomla.org/extension/acymailing-starter/
https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/
https://extensions.joomla.org/extension/acymailing-starter/
https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/