Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by Artio
CVE-2023-54357 (GCVE-0-2023-54357)
Vulnerability from cvelistv5 – Published: 2026-06-19 17:52 – Updated: 2026-06-19 17:52
VLAI
Title
Joomla com_booking 2.4.9 Information Disclosure via Account Enumeration
Summary
Joomla com_booking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer controller. Attackers can send GET requests to index.php with option=com_booking, controller=customer, task=getUserData, and an id parameter to retrieve user names, usernames, and email addresses through brute force enumeration.
Severity
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51595 | exploit |
| http://www.artio.net/ | product |
| http://www.artio.net/downloads/joomla/book-it/boo… | product |
| https://www.vulncheck.com/advisories/joomla-com-b… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Artio | Joomla! com_booking component |
Affected:
2.4.9
|
Date Public
2023-07-12 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "Joomla! com_booking component",
"vendor": "Artio",
"versions": [
{
"status": "affected",
"version": "2.4.9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "qw3rTyTy"
}
],
"datePublic": "2023-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Joomla com_booking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer controller. Attackers can send GET requests to index.php with option=com_booking, controller=customer, task=getUserData, and an id parameter to retrieve user names, usernames, and email addresses through brute force enumeration."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T17:52:06.684Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51595",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51595"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.artio.net/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://www.artio.net/downloads/joomla/book-it/book-it-2-free/download"
},
{
"name": "VulnCheck Advisory: Joomla com_booking 2.4.9 Information Disclosure via Account Enumeration",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/joomla-com-booking-information-disclosure-via-account-enumeration"
}
],
"title": "Joomla com_booking 2.4.9 Information Disclosure via Account Enumeration",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-54357",
"datePublished": "2026-06-19T17:52:06.684Z",
"dateReserved": "2026-01-10T01:51:52.988Z",
"dateUpdated": "2026-06-19T17:52:06.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-40657 (GCVE-0-2023-40657)
Vulnerability from cvelistv5 – Published: 2023-12-14 08:51 – Updated: 2024-08-04 08:42
VLAI
Title
Extension - artio.net - Reflected XSS in Joomdoc component for Joomla 1.0.0-4.0.5
Summary
A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla.
Severity
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://extensions.joomla.org/extension/joomdoc/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| artio.net | Joomdoc component for Joomla |
Affected:
1.0.0-4.0.5
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://extensions.joomla.org/extension/joomdoc/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://extensions.joomla.org/extension/joomdoc/",
"defaultStatus": "unaffected",
"packageName": "com_joomdoc",
"product": "Joomdoc component for Joomla",
"vendor": "artio.net",
"versions": [
{
"status": "affected",
"version": "1.0.0-4.0.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sai Krishna P and Siva Pothuluru S"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla."
}
],
"value": "A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla."
}
],
"impacts": [
{
"capecId": "CAPEC-18",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-18 XSS Targeting Non-Script Elements"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T08:42:06.240Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://extensions.joomla.org/extension/joomdoc/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - artio.net - Reflected XSS in Joomdoc component for Joomla 1.0.0-4.0.5",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2023-40657",
"datePublished": "2023-12-14T08:51:56.186Z",
"dateReserved": "2023-08-18T04:29:42.287Z",
"dateUpdated": "2024-08-04T08:42:06.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}