An issue exists in Joomla! 3.0.0 up to and including 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.
joomla joomla!