Description

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.

Remediation

References

CVE-2021-26034

Related Vulnerabilities

WordPress Plugin WP Legal Pages Cross-Site Scripting (1.0.1)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Cross-Site Scripting (2.6.5)

WordPress Plugin YARPP-Yet Another Related Posts PHP Object Injection (4.4)

WordPress Plugin WP Glossary 'ajax.php' SQL Injection (0.1)

WordPress Plugin WPtouch Cross-Site Scripting (3.7.5.3)

Severity

Medium

Classification

CVE-2021-26034 CWE-352

Tags

Missing Update Known Vulnerabilities