CVE-2020-10239
HIGH
Joomla! 3.7.0-3.9.15 - Incorrect Access Control in com_fields SQL Fieldtype
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-10239. PoCs published by HoangKien1020.
AI-analyzed exploit summary: This PoC exploits CVE-2020-10239, an incorrect access control vulnerability in Joomla's com_fields SQL field, allowing privilege escalation from Manager to Super Admin and subsequent RCE via template file manipulation.
Description
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.
Exploits (1)
nomisec
WORKING POC
6 stars
by HoangKien1020 · poc
https://github.com/HoangKien1020/CVE-2020-10239
Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Joomla core from 3.7.0 to 3.9.15
Auth required
Prerequisites: Manager-level credentials · Access to Joomla administrator interface
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://developer.joomla.org/security-centre/806-20200305-core-incorrect-access-control-in-com-fields-sql-field
Scores
CVSS v3: 8.8
EPSS: 0.0266
EPSS Percentile: 83.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-863
Status: published
Products (1)
joomla/joomla!: 3.7.0 - 3.9.16
Published: Mar 16, 2020
Tracked Since: Feb 18, 2026