CVE-2023-39970

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 17, 2023
Updated: Aug 23, 2023
CWE ID 434

Summary

CVE-2023-39970 is a newly discovered vulnerability affecting the AcyMailing component for Joomla. This issue permits unrestricted file uploads with dangerous types, which can lead to remote code execution. An attacker can exploit this vulnerability by uploading a specially crafted file to the affected system, potentially gaining control over it. The AcyMailing component is widely used for email marketing automation in Joomla websites, making this vulnerability a significant threat to numerous organizations and individuals using this platform. It is crucial to apply the available patches or updates as soon as possible to mitigate the risk of exploitation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share