In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.Referenceshttps://developer.joomla.org/security-centre/817-20200605-core-csrf-in-com-postinstall
