
[20190401] - Core - Directory Traversal in com_media

09 April 2019
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Moderate
  • Severity: Low
  • Versions: 1.5.0 through 3.9.4
  • Exploit type: Directory Traversal
  • Reported Date: 2019-March-13
  • Fixed Date: 2019-April-08
  • CVE Number: CVE-2019-10945

Description

The Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory.
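
As an added illustration of the containment check this class of bug calls for (not Joomla's code and not the 3.9.5 fix; the function name, directory names and sample inputs are constructed for the example), the PHP below resolves a requested folder against a media root and rejects anything whose canonical path falls outside it.

```php
<?php
// Added example: hypothetical helper, not part of Joomla! or com_media.

/**
 * Resolve a user-supplied folder relative to $root.
 * Returns the canonical directory path, or null if the request is invalid
 * or would leave $root.
 */
function resolveMediaFolder(string $root, string $folder): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false || strpos($folder, "\0") !== false) {
        return null; // missing root, or NUL byte in the parameter
    }

    // realpath() collapses "." and ".." segments and follows symlinks,
    // so the comparison below is made on the real on-disk location.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . $folder);
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }

    // Compare against the root WITH a trailing separator, so that a sibling
    // such as "images-private" cannot pass as being inside "images".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $inside = $candidate === $rootReal
        || strncmp($candidate, $prefix, strlen($prefix)) === 0;

    return $inside ? $candidate : null;
}

// Constructed directory tree for the demonstration.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'media_demo_' . getmypid();
mkdir($base . '/images/banners', 0700, true);
mkdir($base . '/images-private', 0700, true);
$root = $base . '/images';

// Constructed sample values for the folder parameter.
$samples = ['banners', '', 'banners/..', '..', '../images-private'];
foreach ($samples as $folder) {
    $resolved = resolveMediaFolder($root, $folder);
    printf("%-22s %s\n", var_export($folder, true),
        $resolved === null ? 'rejected' : 'allowed: ' . $resolved);
}

// Clean up the demonstration tree.
rmdir($base . '/images/banners');
rmdir($base . '/images');
rmdir($base . '/images-private');
rmdir($base);
```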

Affected Installs

Joomla! CMS versions 1.5.0 through 3.9.4

Solution

Upgrade to version 3.9.5

Contact

The JSST at the Joomla! Security Centre.

Reported By: Haboob Research Team