CVE-2019-25762
Received Received - Intake
Information Disclosure in JoomProject Component

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: VulnCheck

Description
Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=com_jpprojects&view=projects&tmpl=component&format=json parameters to retrieve user IDs, names, and email addresses in JSON format.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-19
Last Modified
2026-06-19
Generated
2026-06-19
AI Q&A
2026-06-19
EPSS Evaluated
N/A
NVD
CVE-2019-25762
EUVD
EUVD-2019-20198
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
joomboost joomproject 1.1.3.2
joomboost joomproject to 6.0.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-359 The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25762 is an information disclosure vulnerability in the Joomla! Component JoomProject version 1.1.3.2. It allows unauthenticated attackers to access sensitive user data by sending specially crafted requests to the projects endpoint. Specifically, attackers can send requests to index.php with parameters that cause the component to return user IDs, names, and email addresses in JSON format without requiring authentication.

Compliance Impact

The vulnerability in Joomla! Component JoomProject 1.1.3.2 allows unauthenticated attackers to access sensitive user data such as user IDs, names, and email addresses. This exposure of private personal information to unauthorized actors can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.

Since the vulnerability results in information disclosure classified under CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor), organizations using the affected component may face compliance risks, including potential legal and financial penalties, if they fail to protect user data adequately.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive user information such as user IDs, names, and email addresses. Since the data is exposed without authentication, attackers can harvest this information to conduct phishing attacks, identity theft, or further targeted attacks against users of the affected Joomla site.

Detection Guidance

This vulnerability can be detected by sending a crafted HTTP request to the Joomla! site targeting the vulnerable JoomProject component endpoint. Specifically, a request to index.php with the parameters option=com_jpprojects&view=projects&tmpl=component&format=json can reveal sensitive user data if the system is vulnerable.

A simple command using curl to test for this vulnerability would be:

  • curl -s "http://[target-site]/index.php?option=com_jpprojects&view=projects&tmpl=component&format=json"

If the response contains JSON data with user IDs, names, and email addresses, the system is vulnerable to this information disclosure issue.

Mitigation Strategies

The immediate mitigation step is to update the JoomProject extension to the latest patched version provided by the vendor, as this will fix the vulnerability.

Additionally, restricting access to the vulnerable endpoint or applying web application firewall (WAF) rules to block requests with the specific parameters can help reduce exposure until an update is applied.

Monitoring and auditing access logs for suspicious requests to the vulnerable endpoint is also recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25762. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart