### [CVE-2021-23123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23123)
![](https://img.shields.io/static/v1?label=Product&message=Joomla!%20CMS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%203.0.0-3.9.23%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20Access%20Control&color=brighgreen)

### Description

An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leak names of unpublished and/or inaccessible modules.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/CyberCommands/CVE2021-23132