{"id":65433,"date":"2023-03-28T11:25:57","date_gmt":"2023-03-28T03:25:57","guid":{"rendered":"https:\/\/version-2.com.sg\/?p=65433"},"modified":"2024-09-13T16:31:23","modified_gmt":"2024-09-13T08:31:23","slug":"cve-2023-23752-joomla-unauthorized-access-vulnerability","status":"publish","type":"post","link":"https:\/\/version-2.com\/zh\/2023\/03\/cve-2023-23752-joomla-unauthorized-access-vulnerability\/","title":{"rendered":"CVE-2023\u201323752: Joomla Unauthorized Access Vulnerability"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"65433\" class=\"elementor elementor-65433\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4da8c5f9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4da8c5f9\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;decf9c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_m
obile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-133ba185\" data-id=\"133ba185\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fc2da8d post-content elementor-widget elementor-widget-text-editor\" data-id=\"fc2da8d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"color: #000000;\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfn26wsl0ivp0jk816um3qb1.gif?tr=w-1800,c-at_max\" width=\"1280\" height=\"605\" \/><\/span><\/p><div class=\"news-detail-inner-content\" data-v-85c4bf60=\"\" data-v-0bbc59dc=\"\"><h1><span style=\"color: #000000;\">Introduction<\/span><\/h1><p><span style=\"color: #000000;\">Unauthorized access vulnerability based on information disclosure in #Joomla CMS versions 4.0.0\u20134.2.7 has been found and registered as #CVE-2023-23752.<\/span><\/p><ul><li><p><span style=\"color: #000000;\"><strong>Project:<\/strong> Joomla!<\/span><\/p><\/li><li><p><span style=\"color: #000000;\"><strong>SubProject:<\/strong> CMS<\/span><\/p><\/li><li><p><span style=\"color: #000000;\"><strong>Impact:<\/strong> Critical<\/span><\/p><\/li><li><p><span style=\"color: #000000;\"><strong>Severity:<\/strong> 
High<\/span><\/p><\/li><li><p><span style=\"color: #000000;\"><strong>Probability:<\/strong> High<\/span><\/p><\/li><li><p><span style=\"color: #000000;\"><strong>Versions: <\/strong>4.0.0\u20134.2.7<\/span><\/p><\/li><li><p><span style=\"color: #000000;\"><strong>Exploit type:<\/strong> Incorrect Access Control<\/span><\/p><\/li><li><p><span style=\"color: #000000;\"><strong>Reported Date:<\/strong> 2023\u201302\u201313<\/span><\/p><\/li><li><p><span style=\"color: #000000;\"><strong>Fixed Date:<\/strong> 2023\u201302\u201316<\/span><\/p><\/li><li><p><span style=\"color: #000000;\"><strong>CVE Number:<\/strong> <a style=\"color: #000000;\" href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-23752\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">CVE-2023\u201323752<\/a><\/span><\/p><\/li><\/ul><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfpqn77h00fr0jp98q4wavzz.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">What is Joomla CMS?<\/span><\/p><p><span style=\"color: #000000;\">Joomla is a popular open-source content management system (CMS) that allows users to build websites and online applications. It was first released in 2005 and has since grown to become one of the most widely used CMS platforms in the world, with a large and active community of users and developers.<\/span><\/p><p><span style=\"color: #000000;\">Joomla is built on PHP and uses a MySQL database to store and manage content. It provides a user-friendly interface for managing content, templates, and extensions, making it easy for users with little technical knowledge to create and manage websites.<\/span><\/p><p><span style=\"color: #000000;\">Joomla offers a wide range of features and functionalities, including the ability to create multiple user accounts with different levels of access, create and manage custom content types, and support for multilingual websites. 
It also has a large library of extensions and plugins available, allowing users to add new features and functionality to their websites.<\/span><\/p><p><span style=\"color: #000000;\">Joomla is free to use and distribute, and it is licensed under the GNU General Public License. Its open-source nature has contributed to its popularity and has allowed it to evolve over time, as the community continues to contribute to its development and improvement.<\/span><\/p><h1><span style=\"color: #000000;\">Build the\u00a0lab<\/span><\/h1><h2><span style=\"color: #000000;\">Install the system and prerequisites<\/span><\/h2><ul><li><p><span style=\"color: #000000;\">Setup Ubuntu (I\u2019m using Ubuntu server 20.04)<\/span><\/p><\/li><li><p><span style=\"color: #000000;\">Update the server<\/span><br \/><span style=\"color: #000000;\">\u00a0<code>sudo apt update<\/code><\/span><\/p><\/li><li><p><span style=\"color: #000000;\">Install Apache<\/span><br \/><span style=\"color: #000000;\">\u00a0<code>apt install apache2<\/code>\u00a0<\/span><\/p><\/li><li><p><span style=\"color: #000000;\">Start the apache service<\/span><br \/><span style=\"color: #000000;\">\u00a0<code>systemctl start apache2<\/code>\u00a0<\/span><\/p><\/li><li><p><span style=\"color: #000000;\">Check the status of the apache service<\/span><br \/><span style=\"color: #000000;\">\u00a0<code>systemctl status apache2<\/code><\/span><\/p><\/li><li><p><span style=\"color: #000000;\">Install PHP modules<\/span><br \/><span style=\"color: #000000;\"><code>apt install php php-xml php-mysql php-mbstring php-zip php-soap php-sqlite3 php-curl php-gd php-ldap php-imap php-common<\/code><\/span><\/p><\/li><li><p><span style=\"color: #000000;\">Install mysql<\/span><br \/><span style=\"color: #000000;\">\u00a0<code>apt install mysql-server<\/code><\/span><\/p><\/li><li><p><span style=\"color: #000000;\">Configure the database<\/span><\/p><\/li><\/ul><pre><span style=\"color: #000000;\"><code>mysql -u root -p\ncreate database 
joomla;\nuse joomla;\ncreate user 'user'@localhost identified by '123456';\ngrant all privileges on joomla.* to 'user'@localhost;\nflush privileges;\nexit  <\/code><\/span><\/pre><ul><li><p><span style=\"color: #000000;\">Create a directory for Joomla<\/span><\/p><\/li><\/ul><pre><span style=\"color: #000000;\"><code>cd \/var\/www\/\nmkdir joomla\ncd joomla<\/code><\/span><\/pre><ul><li><p><span style=\"color: #000000;\">Download Joomla<\/span><\/p><\/li><\/ul><pre><span style=\"color: #000000;\"><code>wget https:\/\/downloads.joomla.org\/cms\/joomla4\/4-2-6\/Joomla_4-2-6-Stable-Full_Package.zip?format=zip<\/code><\/span><\/pre><ul><li><p><span style=\"color: #000000;\">Unzip the folder<\/span><br \/><span style=\"color: #000000;\"><code>unzip 'Joomla_4-2-6-Stable-Full_Package.zip?format=zip'<\/code><\/span><\/p><\/li><li><p><span style=\"color: #000000;\">Configure the permissions<\/span><\/p><\/li><\/ul><pre><span style=\"color: #000000;\"><code>chown -R www-data. .\/\nchmod -R 755 .\/<\/code><\/span><\/pre><ul><li><p><span style=\"color: #000000;\">Create virtualhost<\/span><\/p><\/li><\/ul><pre><span style=\"color: #000000;\"><code>vim \/etc\/apache2\/sites-available\/joomla.conf\n\n&lt;virtualhost *:80&gt;\n\nservername www.mhzcyber.com\ndocumentroot \/var\/www\/joomla\/\n\n&lt;\/virtualhost&gt;<\/code><\/span><\/pre><ul><li><p><span style=\"color: #000000;\">Disable default access<\/span><br \/><span style=\"color: #000000;\"><code>a2dissite 000-default.conf<\/code><\/span><\/p><\/li><li><p><span style=\"color: #000000;\">Enable site access<\/span><br \/><span style=\"color: #000000;\">\u00a0<code>a2ensite joomla.conf<\/code><\/span><\/p><\/li><li><p><span style=\"color: #000000;\">Enable rewrite module<\/span><br \/><span style=\"color: #000000;\"><code>a2enmod rewrite<\/code><\/span><\/p><\/li><li><p><span style=\"color: #000000;\">Restart Apache service<\/span><br \/><span style=\"color: #000000;\"><code>systemctl restart 
apache2<\/code><\/span><\/p><\/li><\/ul><ul><li><p><span style=\"color: #000000;\">Now browse the IP address of the server or the domain name<\/span><\/p><\/li><\/ul><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmka53n13qp0jo39i6q5wb6.png\" \/><\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmkb6rj005a0jk86z8s3fbx.png\" \/><\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmkdqdr007q0jk8gsjpeac5.png\" \/><\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmkei8500850jk84yql96x6.png\" \/><\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmkfp9u13uw0jo31jbl9b9u.png\" \/><\/span><\/p><ul><li><p><span style=\"color: #000000;\">Click \u201cOpen Administrator\u201d and login<\/span><\/p><\/li><\/ul><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmkhg7p13vw0jo3493681zj.png\" \/><\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmki0vy00a80jk88lcw05b9.png\" \/><\/span><\/p><h1><span style=\"color: #000000;\">Background Story<\/span><\/h1><h3><span style=\"color: #000000;\">What I\u2019m trying to\u00a0achieve\u00a0<\/span><\/h3><p><span style=\"color: #000000;\">here is an understanding of the software flow, understand how it works, how the vulnerable endpoint gets processed, and why when we set the <strong><em>public <\/em><\/strong>parameter to <strong><em>true <\/em><\/strong>it gives us all this data finally from where we are getting this data.<\/span><\/p><h3><span 
style=\"color: #000000;\">What I\u00a0did?<\/span><\/h3><p><span style=\"color: #000000;\">Basically, I started with <strong>reproducing the vulnerability<\/strong>, and from there I went to <strong>static analysis<\/strong> but when I got to the <strong><em>route() <\/em><\/strong>function, I needed more understanding of the flow, so I started <strong>debugging <\/strong>the software, following step by step.<\/span><br \/><span style=\"color: #000000;\">I explained <strong>Understand the authentication bypass<\/strong>, <strong>Understand where the config data came from<\/strong> and this part made me go back and debug from the beginning starting with index.php so we <strong>understand how the data gets loaded<\/strong>, finally I explained <strong>understand how this data gets sent <\/strong>i.e. the response.<\/span><\/p><h1><span style=\"color: #000000;\">Reproduce the vulnerability<\/span><\/h1><p><span style=\"color: #000000;\">Browse the following path:<\/span><\/p><p><span style=\"color: #000000;\"><code>api\/index.php\/v1\/config\/application?public=true<\/code><\/span><\/p><p><span style=\"color: #000000;\">Here we can see the leaked information, and all the config data of the database.<\/span><\/p><p><span style=\"color: #000000;\">This will allow us to access the database if we can remotely connect to it, and if a malicious actor got the ability to access the internal network it will be able to access the database and from there you can implement multiple attacks such as accessing other accounts inside the company, spear phishing, privilege escalation\u00a0..etc.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmkpgtj140y0jo3bl2o5m2m.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">Before we get into the static analysis, I added the methods that I went through during the debugging and the analysis trying to build a flow to make understanding this 
easier.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfn1wlx30b6p0jqiexwjehph.png\" \/><\/span><\/p><h1><span style=\"color: #000000;\">Static Analysis<\/span><\/h1><p><span style=\"color: #000000;\">Check the directory of Joomla and you can find <strong>configuration.php<\/strong><\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfml2caj00mf0jk8d1br73ey.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">I started to search for the following keywords:<\/span><\/p><ul><li><p><span style=\"color: #000000;\">configuration.php<\/span><\/p><\/li><li><p><span style=\"color: #000000;\">JConfig<\/span><\/p><\/li><li><p><span style=\"color: #000000;\">the keywords existed in the configuration file<\/span><\/p><\/li><\/ul><p><span style=\"color: #000000;\">and I find that there is an installation folder where we can see \u201cConfigurationMode.php\u201d basically the purpose of this code is to create and set the configuration file.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfml4aaj14a80jo34o969nk2.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">I was thinking but how this is getting processed? 
I mean where I can see what\u2019s happening when we set the <strong><em>public <\/em><\/strong>parameter to <strong><em>true<\/em><\/strong><\/span><\/p><p><span style=\"color: #000000;\">First thing let\u2019s check <code>api\/index.php<\/code>\u00a0<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfml5eh000ol0jk8hkkag6le.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">Now let\u2019s follow <code>'\/includes\/app.php'<\/code>\u00a0<\/span><\/p><p><span style=\"color: #000000;\">After reading the code here, you can read only the comments and it will be enough to make sense (it\u2019s not really relevant). However, from there the most interesting part here is the <strong><em>execute() <\/em><\/strong>function.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfml7icb14cm0jo3aad6duy3.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">I followed this and I found the <strong><em>execute() <\/em><\/strong>function in <strong><em>CMSApplication.php<\/em><\/strong><\/span><\/p><p><span style=\"color: #000000;\">I need to study this function and whatever called functions in it, basically, this function contains the high-level logic for executing the application.<\/span><\/p><p><span style=\"color: #000000;\">I started to check the first 4 functions.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfml9y4114eh0jo3aw74elia.png\" \/><\/span><\/p><ul><li><p><span style=\"color: #000000;\"><strong><em>sanityCheckSystemVariables()<\/em><\/strong><\/span><\/p><\/li><\/ul><p><span style=\"color: #000000;\">this method checks for any invalid system variables that may cause issues during the application\u2019s execution and unsets them. 
If there are any invalid system variables, it aborts the application.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmlc0rm00uj0jk8df7se7yl.png\" \/><\/span><\/p><ul><li><p><span style=\"color: #000000;\"><strong><em>setupLogging()<\/em><\/strong><\/span><\/p><\/li><\/ul><p><span style=\"color: #000000;\">This method sets up the logging configuration for the Joomla CMS application. It checks the application configuration for various logging-related settings and configures loggers accordingly.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmld7tr00vb0jk88knffocs.png\" \/><\/span><\/p><ul><li><p><span style=\"color: #000000;\"><strong><em>createExtensionNamespaceMap()<\/em><\/strong><\/span><\/p><\/li><\/ul><p><span style=\"color: #000000;\">This method allows the application to load a custom or default identity by creating an extension namespace map.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmlf5yy00wj0jk843ww4nde.png\" \/><\/span><\/p><ul><li><p><span style=\"color: #000000;\"><strong><em>doExecute()<\/em><\/strong><\/span><\/p><\/li><\/ul><p><span style=\"color: #000000;\">When I tried to follow this function, first I got to here:<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmlh6so14k80jo3hc8m8x8l.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">After that I found the main function here:<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmll0eb14mb0jo3a82i9lib.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">It starts with <strong><em>initialiseApp() <\/em><\/strong>which basically loads 
the language, sets some events, and listeners. i.e. Initialize the application.<\/span><\/p><p><span style=\"color: #000000;\">So, from the called and used functions here the one that got my attention is <strong><em>route()<\/em><\/strong><\/span><\/p><p><span style=\"color: #000000;\">You can find the route function in the following path\u00a0:\u00a0<\/span><\/p><p><span style=\"color: #000000;\">\\libraries\\src\\Application\\ApiApplication.php -&gt; route<\/span><\/p><pre><span style=\"color: #000000;\"><code>protected function route()\n    {\n        $router = $this-&gt;getContainer()-&gt;get(ApiRouter::class);\n\n        \/\/ Trigger the onBeforeApiRoute event.\n        PluginHelper::importPlugin('webservices');\n        $this-&gt;triggerEvent('onBeforeApiRoute', array(&amp;$router, $this));\n        $caught404 = false;\n        $method    = $this-&gt;input-&gt;getMethod();\n\n        try {\n            $this-&gt;handlePreflight($method, $router);\n\n            $route = $router-&gt;parseApiRoute($method);\n        } catch (RouteNotFoundException $e) {\n            $caught404 = true;\n        }\n\n        \/**\n         * Now we have an API perform content negotiation to ensure we have a valid header. 
Assume if the route doesn't\n         * tell us otherwise it uses the plain JSON API\n         *\/\n        $priorities = array('application\/vnd.api+json');\n\n        if (!$caught404 &amp;&amp; \\array_key_exists('format', $route['vars'])) {\n            $priorities = $route['vars']['format'];\n        }\n\n        $negotiator = new Negotiator();\n\n        try {\n            $mediaType = $negotiator-&gt;getBest($this-&gt;input-&gt;server-&gt;getString('HTTP_ACCEPT'), $priorities);\n        } catch (InvalidArgument $e) {\n            $mediaType = null;\n        }\n\n        \/\/ If we can't find a match bail with a 406 - Not Acceptable\n        if ($mediaType === null) {\n            throw new Exception\\NotAcceptable('Could not match accept header', 406);\n        }\n\n        \/** @var $mediaType Accept *\/\n        $format = $mediaType-&gt;getValue();\n\n        if (\\array_key_exists($mediaType-&gt;getValue(), $this-&gt;formatMapper)) {\n            $format = $this-&gt;formatMapper[$mediaType-&gt;getValue()];\n        }\n\n        $this-&gt;input-&gt;set('format', $format);\n\n        if ($caught404) {\n            throw $e;\n        }\n\n        $this-&gt;input-&gt;set('option', $route['vars']['component']);\n        $this-&gt;input-&gt;set('controller', $route['controller']);\n        $this-&gt;input-&gt;set('task', $route['task']);\n\n        foreach ($route['vars'] as $key =&gt; $value) {\n            if ($key !== 'component') {\n                if ($this-&gt;input-&gt;getMethod() === 'POST') {\n                    $this-&gt;input-&gt;post-&gt;set($key, $value);\n                } else {\n                    $this-&gt;input-&gt;set($key, $value);\n                }\n            }\n        }\n\n        $this-&gt;triggerEvent('onAfterApiRoute', array($this));\n\n        if (!isset($route['vars']['public']) || $route['vars']['public'] === false) {\n            if (!$this-&gt;login(array('username' =&gt; ''), array('silent' =&gt; true, 'action' =&gt; 
'core.login.api'))) {\n                throw new AuthenticationFailed();\n            }\n        }\n    }<\/code><\/span><\/pre><p><span style=\"color: #000000;\">Why is this function interesting? Because it routes the application, and routing is the process of examining the request environment to determine which component should receive the request. The component's optional parameters are then set in the request object to be processed when the application is being dispatched.<\/span><\/p><h1><span style=\"color: #000000;\">Debugging<\/span><\/h1><p><span style=\"color: #000000;\">From here I started debugging, since it was becoming hard to understand the flow from the static analysis only.<\/span><\/p><h3><span style=\"color: #000000;\">Set the\u00a0debugger<\/span><\/h3><p><span style=\"color: #000000;\">I\u2019m using PhpStorm with Xdebug and I\u2019m on Ubuntu desktop.<\/span><\/p><p><span style=\"color: #000000;\">Just download PhpStorm and start it.<\/span><\/p><p><span style=\"color: #000000;\">After that, in Chrome, install this extension:<\/span><\/p><p><span style=\"color: #000000;\">Xdebug helper<\/span><\/p><p><span style=\"color: #000000;\">Link: <a style=\"color: #000000;\" href=\"https:\/\/chrome.google.com\/webstore\/detail\/xdebug-helper\/eadndfjplgieldjbigjakmdgkmoaaaoc\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">https:\/\/chrome.google.com\/webstore\/detail\/xdebug-helper\/eadndfjplgieldjbigjakmdgkmoaaaoc<\/a><\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmm5p4914y00jo3ho5hcp63.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">After you install it, go to the link, click on the extension, and click Debug.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmm6kvq01c50jk8c6s8g1zw.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">Now you will get a 
message in PhpStorm that there is a request coming.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmm7e9801cg0jk84hgbf3cq.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">NOTE: you may need to restart the Chrome browser.<\/span><\/p><p><span style=\"color: #000000;\">You can follow this video for more information:<\/span><\/p><p><span style=\"color: #000000;\"><a style=\"color: #000000;\" href=\"https:\/\/youtu.be\/3idASlzGTg4\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">https:\/\/youtu.be\/3idASlzGTg4<\/a><\/span><\/p><p><span style=\"color: #000000;\">As when debugging or reverse engineering a binary program, you would usually set a breakpoint on the main function. We will do the same here: in our case index.php can be considered the main, and it starts running when it runs app.php, through which all executable code should be triggered.<\/span><\/p><h3><span style=\"color: #000000;\">Understand how the data gets\u00a0loaded<\/span><\/h3><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmmcujs01fw0jk816ldb03x.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">While you are stepping into the program, you will notice line 25 in app.php, where it\u2019s including framework.php.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmmdnm301gm0jk86wzwbo5f.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">We can see here that there is a pre-loaded configuration and it\u2019s going to load it.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmmfrlo01hz0jk8aewe3riv.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">Now in configuration.php we can see all of it.<\/span><\/p><p><span 
style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmmlhsy157w0jo3fk2b7715.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">Here we can see that the data in configuration.php got assigned to the variable $config.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmmmc3k158b0jo38mo9aabm.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">Here I listed the important methods that I noticed the program going through<\/span><\/p><p><br \/><span style=\"color: #000000;\">NOTE: those are not all the methods\/functions but those are the most obvious and clarify how the flow works.<\/span><\/p><p><span style=\"color: #000000;\"><strong>route()<\/strong><\/span><\/p><ul><li><p><span style=\"color: #000000;\"><strong><em>getContainer()<\/em><\/strong><\/span><\/p><p><span style=\"color: #000000;\">This will get DI container, and prepare it.<\/span><\/p><p><span style=\"color: #000000;\">In Joomla CMS, a Dependency Injection (DI) container is a software component that manages the instantiation and dependency resolution of objects in the application. It is a design pattern that allows developers to write modular, decoupled, and reusable code.<\/span><\/p><p><span style=\"color: #000000;\">The Joomla DI container is based on the PHP-DI library, which provides a simple and flexible way to manage object dependencies in a Joomla application. 
The DI container is used to instantiate and manage objects and to inject dependencies into them.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmylbs306va0jqialb67rid.png\" \/><\/span><\/p><\/li><li><p><span style=\"color: #000000;\"><strong><em>getMethod()<\/em><\/strong><\/span><\/p><p><br \/><span style=\"color: #000000;\">This method will get the HTTP request method.<\/span><br \/><br \/><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfn06ef00fy80jk8ctky72xs.png\" \/><\/span><\/p><p><br \/><span style=\"color: #000000;\">When you follow it, you will notice it&#8217;s going to __get function, and we can see that the $method variable is set to GET.<\/span><br \/><br \/><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfn0acj508ot0jqi42rd4now.png\" \/><\/span><\/p><p>\u00a0<\/p><\/li><li><p><span style=\"color: #000000;\"><strong><em>handlePreflight()<\/em><\/strong><\/span><\/p><\/li><\/ul><p><span style=\"color: #000000;\">this handles the preflight requests. A preflight request is a small request that is sent by the browser before the actual request. It contains information like which HTTP method is used, as well as if any custom HTTP headers are present. 
The preflight gives the server a chance to examine what the actual request will look like before it\u2019s made.<\/span><\/p><p><span style=\"color: #000000;\">Basically, it checks whether this is an OPTIONS request or whether CORS is enabled; if not, it does nothing.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmmrsxa15cs0jo3er2p64ev.png\" \/><\/span><\/p><ul><li><p><span style=\"color: #000000;\"><strong><em>parseApiRoute()<\/em><\/strong><\/span><\/p><\/li><\/ul><p><span style=\"color: #000000;\">This method parses the given route and returns the name of a controller mapped to the given route.\u00a0<\/span><\/p><p><span style=\"color: #000000;\">It requires a method parameter: the request method to match, one of GET, POST, PUT, DELETE, HEAD, OPTIONS, TRACE, or PATCH.\u00a0<\/span><\/p><p><span style=\"color: #000000;\">It returns an array containing the controller and the matched variables, and if an error occurs it throws an InvalidArgumentException, which is <strong>an exception that is thrown when an inappropriate argument is passed to a function<\/strong>. This could be because of an unexpected data type or invalid data.<\/span><\/p><p><span style=\"color: #000000;\">\u2014 <strong><em>getRoutePath()<\/em><\/strong><\/span><\/p><p><span style=\"color: #000000;\">This method will get the path from the route and remove any leading or trailing slash.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmmvv5o01ww0jk817hw7o7a.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">This method uses <strong><em>getInstance() <\/em><\/strong>which returns the global Uri object, only creating it if it doesn\u2019t already exist, and also <strong><em>getPath() <\/em><\/strong>which gets the URL path string. 
here are the values of both:<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmna95q15xv0jo39ekq9tlm.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">Now back to <strong><em>parseApiRoute()<\/em><\/strong>, we have this line<\/span><\/p><pre><span style=\"color: #000000;\"><code>$query = Uri::getInstance()-&gt;getQuery(true);<\/code><\/span><\/pre><p><span style=\"color: #000000;\">and this will retrieve the parameter <strong><em>public <\/em><\/strong>and its value<strong><em> true<\/em><\/strong><\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmnbtqf15yv0jo3b0o2gr33.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">After that, it goes through a for loop to iterate through all of the known routes looking for a match, and here we can see the matches.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmne56g02dx0jk89pwt8vx9.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">From there going back to <strong><em>route()<\/em><\/strong><\/span><\/p><p><span style=\"color: #000000;\">and you can see that all the variables are set.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmo6zrd03b90jk842wj55vx.png\" \/><\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmolbe9179p0jo39g5s77x6.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">Now it will trigger an event which means it will get the event name \u2018onAfterApiRoute\u2019 and it will set some values.<\/span><\/p><pre><span style=\"color: #000000;\"><code>$this-&gt;triggerEvent('onAfterApiRoute', array($this));<\/code><\/span><\/pre><h3><span 
style=\"color: #000000;\">Understand the authentication bypass<\/span><\/h3><p><span style=\"color: #000000;\">After that we go to the if statement that checks if the <code>$route<\/code> variable <\/span><br \/><span style=\"color: #000000;\">contains a key <code>'public'<\/code> and if its value is <code>false<\/code>. If the key is not set or its value is <code>false<\/code>, the code attempts to log in the user by calling the <code>$this-&gt;login()<\/code> method with two parameters: an empty array for the username and an array containing two additional parameters: <code>'silent' =&gt; true<\/code> and <code>'action' =&gt; 'core.login.api'<\/code>.<\/span><\/p><p><span style=\"color: #000000;\">If the login fails, the code throws an <code>AuthenticationFailed<\/code> exception.<\/span><\/p><p><span style=\"color: #000000;\">But if the <code>'public'<\/code> key is set to a value of <code>true<\/code> in the <code>$route<\/code> variable, the first part of the <code>if<\/code> condition in the code snippet will evaluate to <code>false<\/code>. 
This means that the code inside the <code>if<\/code> block will not be executed, and the user will not be required to log in.<\/span><\/p><p><span style=\"color: #000000;\">Therefore, if <code>'public'<\/code> is set to <code>true<\/code>, the user will have access to the route without the need for authentication.<\/span><\/p><p><span style=\"color: #000000;\">This is the root cause of the authentication bypass: because the <code>'public'<\/code> value comes from the request\u2019s query string (as seen in <strong><em>parseApiRoute()<\/em><\/strong> above), any unauthenticated client can set it to <code>true<\/code>, and the route\u2019s data is then served with no authentication required.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmp7o5e042q0jk8batc4aeq.png\" \/><\/span><\/p><h3><span style=\"color: #000000;\">Understand where the config data came\u00a0from<\/span><\/h3><p><span style=\"color: #000000;\">Now going back to the <strong><em>doExecute()<\/em><\/strong> function, we reach the <strong><em>dispatch() <\/em><\/strong>method.<\/span><\/p><p><span style=\"color: #000000;\">When I reached here I was still trying to understand how the data gets retrieved, and while stepping into the <strong><em>dispatch() <\/em><\/strong>method, I got here:<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmp9db817pr0jo310hnavdj.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">As you can notice, the $component variable is set to \u201cconfig\u201d; from here I started following config and found the following:<\/span><\/p><p><span style=\"color: #000000;\">libraries\/vendor\/joomla\/application\/src\/AbstractApplication.php<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmpapng17ql0jo3dijh6s67.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">and this is what pushed me to go back to the beginning and start debugging from index.php to <strong>Understand how the data gets loaded<\/strong>.<\/span><\/p><p><span 
style=\"color: #000000;\">a note, $config variable, and the data are already assigned as we saw in the <strong>Understand how the data gets loaded<\/strong> section.<\/span><\/p><h3><span style=\"color: #000000;\"><strong>understand how this data gets\u00a0sent<\/strong><\/span><\/h3><p><span style=\"color: #000000;\">now we need to understand how this data gets sent.<\/span><\/p><p><span style=\"color: #000000;\">going back to <strong><em>dispatch() <\/em><\/strong>basically, it\u2019s responsible for rendering a particular component (specified by <code>$component<\/code> or via the &#8216;option&#8217; HTTP GET parameter) and setting up the associated document buffer, while also triggering a plugin event after the component has been dispatched.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmpdevp17sf0jo31ccjfg0p.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">now back to <strong><em>execute()<\/em><\/strong> it will render the output and rendering is the process of pushing the document buffers into the template placeholders, retrieving data from the document, and pushing it into the application response buffer, and here basically you will see the program sets the body content and prepare it.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmpsg3118cw0jo34d2y8nx0.png\" \/><\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmr79en19qe0jo3baqv0s6k.png\" \/><\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmr80eh19qu0jo3f2zja80n.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">after that, we will see the <strong><em>respond()<\/em><\/strong> method called and this method prepares the headers 
and the response to be sent.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmrbpy419uj0jo31xdq33y7.png\" \/><\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmrdrnl19w70jo30d1w5x2i.png\" \/><\/span><\/p><p><span style=\"color: #000000;\">After that it triggers the <strong>onAfterRespond <\/strong>event, which marks the end of the request; one last step is the shutdown function registered for handling PHP fatal errors, <strong><em>handleFatalError()<\/em><\/strong>, and you will notice that it then goes to DatabaseDriver.php\u2019s <strong><em>__destruct()<\/em><\/strong> to disconnect from the database.<\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmrheey06cc0jk8h8rk6qef.png\" \/><\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmrlgom06f20jk8b878h7gt.png\" \/><\/span><\/p><p><span style=\"color: #000000;\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfmrmefj06fk0jk8fn98h9up.png\" \/><\/span><\/p><h1><span style=\"color: #000000;\">Mitigation<\/span><\/h1><p><span style=\"color: #000000;\">Upgrade Joomla to version 4.2.8 or later.<\/span><\/p><h3><span style=\"color: #000000;\">Final Thoughts<\/span><\/h3><p><span style=\"color: #000000;\">This was a really hard one to debug and analyze, and that\u2019s because of the way Joomla CMS is developed: they break it into small components, methods, etc., and basically go through a lot of loops to break down each request, run the input through some regex checks, and also initialize all the components\/variables needed for this request.<\/span><\/p><p><span style=\"color: #000000;\">The explanation here was not 
straightforward, not like going step by step, there\u2019s some go back and forth with the analysis and this is intended since I wanted to give you a window to see closely to some level what I went through during the analysis.<\/span><\/p><p><span style=\"color: #000000;\">I believe it would be hard to really understand the whole flow not only the vulnerability itself but also the program if you don\u2019t debug it by yourself and step into it step by step. However, I tried to give more of a general look and go more in detail with the root cause of the vulnerability itself.<\/span><\/p><h1><span style=\"color: #000000;\">Resources:<\/span><\/h1><ul><li><p><span style=\"color: #000000;\"><a style=\"color: #000000;\" href=\"https:\/\/nsfocusglobal.com\/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">https:\/\/nsfocusglobal.com\/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice\/<\/a><\/span><\/p><\/li><li><p><span style=\"color: #000000;\"><a style=\"color: #000000;\" href=\"https:\/\/developer.joomla.org\/security-centre\/894-20230201-core-improper-access-check-in-webservice-endpoints.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">https:\/\/developer.joomla.org\/security-centre\/894-20230201-core-improper-access-check-in-webservice-endpoints.html<\/a><\/span><\/p><\/li><li><p><span style=\"color: #000000;\"><a style=\"color: #000000;\" href=\"https:\/\/github.com\/joomla-framework\/di\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">https:\/\/github.com\/joomla-framework\/di<\/a><\/span><\/p><\/li><li><p><span style=\"color: #000000;\"><a style=\"color: #000000;\" href=\"https:\/\/github.com\/joomla-framework\/di\/blob\/1.x-dev\/docs\/why-dependency-injection.md\" target=\"_blank\" rel=\"noopener noreferrer 
nofollow\">https:\/\/github.com\/joomla-framework\/di\/blob\/1.x-dev\/docs\/why-dependency-injection.md<\/a><\/span><\/p><\/li><\/ul><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8085a61 post-content elementor-widget elementor-widget-shortcode\" data-id=\"8085a61\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_b
Resolve the most pressing threats with efficient automation features and precise contextual analysis.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Introduction Unauthorized access vulnerability based on [&hellip;]<\/p>\n","protected":false},"author":148637484,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[476,1075,61],"tags":[477,1076],"class_list":["post-65433","post","type-post","status-publish","format-standard","hentry","category-vrx","category-year2023","category-press-release","tag-vrx","tag-1076"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CVE-2023\u201323752: Joomla Unauthorized Access Vulnerability - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vicarius.io\/blog\/cve-2023-23752-joomla-unauthorized-access-vulnerability\" \/>\n<meta property=\"og:locale\" content=\"zh_HK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CVE-2023\u201323752: Joomla Unauthorized Access Vulnerability - Version 2\" \/>\n<meta property=\"og:description\" content=\"Introduction Unauthorized access vulnerability based on [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vicarius.io\/blog\/cve-2023-23752-joomla-unauthorized-access-vulnerability\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta 
property=\"article:published_time\" content=\"2023-03-28T03:25:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-13T08:31:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfn26wsl0ivp0jk816um3qb1.gif?tr=w-1800,c-at_max\" \/>\n<meta name=\"author\" content=\"versionpan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"versionpan\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2023-23752-joomla-unauthorized-access-vulnerability#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/03\\\/cve-2023-23752-joomla-unauthorized-access-vulnerability\\\/\"},\"author\":{\"name\":\"versionpan\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/103ffe36f7fd34a1cc126a30431b94d8\"},\"headline\":\"CVE-2023\u201323752: Joomla Unauthorized Access Vulnerability\",\"datePublished\":\"2023-03-28T03:25:57+00:00\",\"dateModified\":\"2024-09-13T08:31:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/03\\\/cve-2023-23752-joomla-unauthorized-access-vulnerability\\\/\"},\"wordCount\":2299,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2023-23752-joomla-unauthorized-access-vulnerability#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/clfn26wsl0ivp0jk816um3qb1.gif?tr=w-1800,c-at_max\",\"keywords\":[\"vRx\",\"2023\"],\"articleSection\":[\"vRx\",\"2023\",\"Press 
Release\"],\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2023-23752-joomla-unauthorized-access-vulnerability#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2023\\\/03\\\/cve-2023-23752-joomla-unauthorized-access-vulnerability\\\/\",\"url\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2023-23752-joomla-unauthorized-access-vulnerability\",\"name\":\"CVE-2023\u201323752: Joomla Unauthorized Access Vulnerability - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2023-23752-joomla-unauthorized-access-vulnerability#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2023-23752-joomla-unauthorized-access-vulnerability#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/clfn26wsl0ivp0jk816um3qb1.gif?tr=w-1800,c-at_max\",\"datePublished\":\"2023-03-28T03:25:57+00:00\",\"dateModified\":\"2024-09-13T08:31:23+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2023-23752-joomla-unauthorized-access-vulnerability#breadcrumb\"},\"inLanguage\":\"zh-HK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2023-23752-joomla-unauthorized-access-vulnerability\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/cve-2023-23752-joomla-unauthorized-access-vulnerability#primaryimage\",\"url\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/clfn26wsl0ivp0jk816um3qb1.gif?tr=w-1800,c-at_max\",\"contentUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/clfn26wsl0ivp0jk816um3qb1.gif?tr=w-1800,c-at_max\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.vicarius.
io\\\/blog\\\/cve-2023-23752-joomla-unauthorized-access-vulnerability#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CVE-2023\u201323752: Joomla Unauthorized Access Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-HK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 
2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/103ffe36f7fd34a1cc126a30431b94d8\",\"name\":\"versionpan\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-HK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g\",\"caption\":\"versionpan\"},\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/author\\\/versionpan\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CVE-2023\u201323752: Joomla Unauthorized Access Vulnerability - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vicarius.io\/blog\/cve-2023-23752-joomla-unauthorized-access-vulnerability","og_locale":"zh_HK","og_type":"article","og_title":"CVE-2023\u201323752: Joomla Unauthorized Access Vulnerability - Version 2","og_description":"Introduction Unauthorized access vulnerability based on [&hellip;]","og_url":"https:\/\/www.vicarius.io\/blog\/cve-2023-23752-joomla-unauthorized-access-vulnerability","og_site_name":"Version 
2","article_published_time":"2023-03-28T03:25:57+00:00","article_modified_time":"2024-09-13T08:31:23+00:00","og_image":[{"url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfn26wsl0ivp0jk816um3qb1.gif?tr=w-1800,c-at_max","type":"","width":"","height":""}],"author":"versionpan","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"versionpan"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vicarius.io\/blog\/cve-2023-23752-joomla-unauthorized-access-vulnerability#article","isPartOf":{"@id":"https:\/\/version-2.com\/2023\/03\/cve-2023-23752-joomla-unauthorized-access-vulnerability\/"},"author":{"name":"versionpan","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/103ffe36f7fd34a1cc126a30431b94d8"},"headline":"CVE-2023\u201323752: Joomla Unauthorized Access Vulnerability","datePublished":"2023-03-28T03:25:57+00:00","dateModified":"2024-09-13T08:31:23+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2023\/03\/cve-2023-23752-joomla-unauthorized-access-vulnerability\/"},"wordCount":2299,"commentCount":0,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/cve-2023-23752-joomla-unauthorized-access-vulnerability#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfn26wsl0ivp0jk816um3qb1.gif?tr=w-1800,c-at_max","keywords":["vRx","2023"],"articleSection":["vRx","2023","Press Release"],"inLanguage":"zh-HK","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.vicarius.io\/blog\/cve-2023-23752-joomla-unauthorized-access-vulnerability#respond"]}]},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2023\/03\/cve-2023-23752-joomla-unauthorized-access-vulnerability\/","url":"https:\/\/www.vicarius.io\/blog\/cve-2023-23752-joomla-unauthorized-access-vulnerability","name":"CVE-2023\u201323752: Joomla Unauthorized Access Vulnerability - Version 
2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vicarius.io\/blog\/cve-2023-23752-joomla-unauthorized-access-vulnerability#primaryimage"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/cve-2023-23752-joomla-unauthorized-access-vulnerability#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfn26wsl0ivp0jk816um3qb1.gif?tr=w-1800,c-at_max","datePublished":"2023-03-28T03:25:57+00:00","dateModified":"2024-09-13T08:31:23+00:00","breadcrumb":{"@id":"https:\/\/www.vicarius.io\/blog\/cve-2023-23752-joomla-unauthorized-access-vulnerability#breadcrumb"},"inLanguage":"zh-HK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vicarius.io\/blog\/cve-2023-23752-joomla-unauthorized-access-vulnerability"]}]},{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/www.vicarius.io\/blog\/cve-2023-23752-joomla-unauthorized-access-vulnerability#primaryimage","url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfn26wsl0ivp0jk816um3qb1.gif?tr=w-1800,c-at_max","contentUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/clfn26wsl0ivp0jk816um3qb1.gif?tr=w-1800,c-at_max"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vicarius.io\/blog\/cve-2023-23752-joomla-unauthorized-access-vulnerability#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"CVE-2023\u201323752: Joomla Unauthorized Access Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 
2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-HK"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/103ffe36f7fd34a1cc126a30431b94d8","name":"versionpan","image":{"@type":"ImageObject","inLanguage":"zh-HK","@id":"https:\/\/secure.gravatar.com\/avatar\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/72541e15024f6716236decb252e7488d4a7359d4df6f8506b01f447174f92c7c?s=96&d=identicon&r=g","caption":"versionpan"},"url":"https:\/\/version-2.com\/zh\/author\/versionpan\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-h1n","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/65433","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ver
sion-2.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/users\/148637484"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/comments?post=65433"}],"version-history":[{"count":8,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/65433\/revisions"}],"predecessor-version":[{"id":69394,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/posts\/65433\/revisions\/69394"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/media?parent=65433"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/categories?post=65433"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/zh\/wp-json\/wp\/v2\/tags?post=65433"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}