automatic module_metadata_base.json update

2023-04-21 10:14:29 -05:00 · 2023-04-21 10:14:29 -05:00 · 0436e8bad9
parent 365b7c099c
commit 0436e8bad9
1 changed files with 61 additions and 0 deletions
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@ -31534,6 +31534,67 @@
    "session_types": false,
    "needs_cleanup": false
  },
+  "auxiliary_scanner/http/joomla_api_improper_access_checks": {
+    "name": "Joomla API Improper Access Checks",
+    "fullname": "auxiliary/scanner/http/joomla_api_improper_access_checks",
+    "aliases": [
+
+    ],
+    "rank": 300,
+    "disclosure_date": "2023-02-01",
+    "type": "auxiliary",
+    "author": [
+      "h00die",
+      "Tianji Lab"
+    ],
+    "description": "Joomla versions between 4.0.0 and 4.2.7, inclusive, contain an improper API access vulnerability.\n          This vulnerability allows unauthenticated users access to webservice endpoints which contain\n          sensitive information. Specifically for this module we exploit the users and config/application\n          endpoints.\n\n          This module was tested against Joomla 4.2.7 running on Docker.",
+    "references": [
+      "EDB-51334",
+      "URL-https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html",
+      "URL-https://nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/",
+      "URL-https://attackerkb.com/topics/18qrh3PXIX/cve-2023-23752",
+      "CVE-2023-23752"
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": null,
+    "mod_time": "2023-04-20 16:23:52 +0000",
+    "path": "/modules/auxiliary/scanner/http/joomla_api_improper_access_checks.rb",
+    "is_install_path": true,
+    "ref_name": "scanner/http/joomla_api_improper_access_checks",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": false
+  },
  "auxiliary_scanner/http/joomla_bruteforce_login": {
    "name": "Joomla Bruteforce Login Utility",
    "fullname": "auxiliary/scanner/http/joomla_bruteforce_login",