CVE-2019-25762 PUBLISHED

Joomla! Component JoomProject 1.1.3.2 Information Disclosure

Assigner: VulnCheck
Reserved: 19.06.2026 Published: 19.06.2026 Updated: 19.06.2026

Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=com_jpprojects&view=projects&tmpl=component&format=json parameters to retrieve user IDs, names, and email addresses in JSON format.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor Joomboost
Product JoomProject
Versions
  • Version 1.1.3.2 is affected

Credits

  • Ihsan Sencan finder

References

Problem Types

  • Exposure of Private Personal Information to an Unauthorized Actor CWE