An issue exists in Joomla! prior to 3.9.13. A missing token check in com_template causes a CSRF vulnerability.
joomla joomla\\!