top of page

Joomla! CMS Security Bypass (CVE-2023-23752)

Application Details

Joomla! is a free and open-source content management system (CMS) for publishing web content. It is built on a model–view–controller web application framework that can be used independently of the CMS that allows developers to build powerful online applications.


Joomla! CMS could allow a remote attacker to bypass security restrictions, caused by improper access control.


This API is used to obtain the most important configuration information of the website, including the account number and password of the database.

GET /api/index.php/v1/config/application?public=true


By turning this into a traffic file and matching rule, we are able to detect attempts by unauthenticated attackers to gain unauthorised access to webservice endpoints.


Idappcom has created signature 8023574 along with a traffic file for this vulnerability.


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here:


bottom of page