Description
Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin in versions below 8.3.0.
References (3)
Core 3
Core References
Release Notes
https://github.com/acyba/acymailing/releases/tag/v8.3.0
Release Notes
https://www.acymailing.com/change-log/
Third Party Advisory
https://www.bugbounty.ch/advisories/CVE-2023-28732
Scores
CVSS v3
6.5
EPSS
0.0063
EPSS Percentile
45.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-20
CWE-200
CWE-22
Status
published
Products (1)
acymailing/acymailing
< 8.3.0
Published
Mar 30, 2023
Tracked Since
Feb 18, 2026