Описание
An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.5.0 (включая) до 3.8.8 (включая)
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01506
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion.
EPSS
Процентиль: 81%
0.01506
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-20