Search criteria
1 vulnerability by jDownloads
CVE-2022-27909 (GCVE-0-2022-27909)
Vulnerability from cvelistv5 – Published: 2022-05-06 17:55 – Updated: 2026-02-25 05:06
VLAI?
Title
Extension - Incorrect Access Control within jdownloads extension
Summary
In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the address bar and see the names of other users' files
Severity ?
No CVSS data available.
CWE
- Incorrect Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jDownloads | jDownloads |
Affected:
<=3.9.8.2
|
Credits
Massimo Chiriv - HackerHood Team Research
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:41:10.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jdownloads.com/index.php/downloads/download/57-jdownloads-3-9.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerhood.redhotcyber.com/cve-2022-27909-jdownloads/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jDownloads",
"vendor": "jDownloads",
"versions": [
{
"status": "affected",
"version": "\u003c=3.9.8.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Massimo Chiriv - HackerHood Team Research"
}
],
"datePublic": "2022-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Joomla component \u0027jDownloads 3.9.8.2 Stable\u0027 the remote user can change some parameters in the address bar and see the names of other users\u0027 files"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T05:06:05.403Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://www.jdownloads.com/index.php/downloads/download/57-jdownloads-3-9.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerhood.redhotcyber.com/cve-2022-27909-jdownloads/"
}
],
"title": "Extension - Incorrect Access Control within jdownloads extension",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2022-05-06T18:00:00",
"ID": "CVE-2022-27909",
"STATE": "PUBLIC",
"TITLE": "Extension - Incorrect Access Control within jdownloads extension"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jDownloads",
"version": {
"version_data": [
{
"version_value": "\u003c=3.9.8.2"
}
]
}
}
]
},
"vendor_name": "jDownloads"
}
]
}
},
"credit": "Massimo Chiriv - HackerHood Team Research",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Joomla component \u0027jDownloads 3.9.8.2 Stable\u0027 the remote user can change some parameters in the address bar and see the names of other users\u0027 files"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jdownloads.com/index.php/downloads/download/57-jdownloads-3-9.html",
"refsource": "MISC",
"url": "https://www.jdownloads.com/index.php/downloads/download/57-jdownloads-3-9.html"
},
{
"name": "https://hackerhood.redhotcyber.com/cve-2022-27909-jdownloads/",
"refsource": "MISC",
"url": "https://hackerhood.redhotcyber.com/cve-2022-27909-jdownloads/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2022-27909",
"datePublished": "2022-05-06T17:55:12.660Z",
"dateReserved": "2022-03-25T00:00:00.000Z",
"dateUpdated": "2026-02-25T05:06:05.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}