CVE-2023-28732

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-28732

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28732.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-28732

Published

2023-03-30T12:15:07.620Z

Modified

2026-04-02T08:49:22.828456Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office.

This issue affects AnyMailing Joomla Plugin in versions below 8.3.0.

References

Affected packages

Git / github.com/acyba/acymailing

Affected ranges

Type

GIT

Repo

https://github.com/acyba/acymailing

Events

Introduced

Fixed

fe99844294e54183f33f9721a72c9b4ce1aa64a5

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.3.0"
        }
    ]
}

Affected versions

v6.*

v6.13.1

v6.13.2

v6.13.3

v6.14.1

v6.15.0

v6.16.0

v6.16.1

v6.16.2

v6.16.3

v6.16.4

v6.17.0

v6.17.1

v6.18.2

v6.18.3

v6.19.0

v6.19.1

v6.19.2

v7.*

v7.0.0

v7.0.1

v7.0.3

v7.0.4

v7.1.0

v7.1.1

v7.1.2

v7.3.0

v7.3.1

v7.5.0

v7.5.10

v7.5.11

v7.5.12

v7.5.7

v7.6.2

v7.7.0

v7.7.1

v7.7.2

v7.7.3

v7.7.4

v7.7.5

v7.7.6

v7.8.0

v7.8.1

v7.8.2

v7.8.3

v7.9.0

v7.9.1

v7.9.2

v7.9.3

v7.9.4

v7.9.5

v7.9.6

v7.9.7

v7.9.8

v8.*

v8.0.0

v8.1.0

v8.1.1

v8.1.2

v8.2.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28732.json"