CVE-2019-10945

Опубликовано: 10 апр. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.

Ссылки

http://packetstormsecurity.com/files/152515/Joomla-3.9.4-Arbitrary-File-Deletion-Directory-Traversal.html
Exploit
Third Party Advisory
VDB Entry
https://developer.joomla.org/security-centre/777-20190401-core-directory-traversal-in-com-media
Vendor Advisory
https://www.exploit-db.com/exploits/46710/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/152515/Joomla-3.9.4-Arbitrary-File-Deletion-Directory-Traversal.html
Exploit
Third Party Advisory
VDB Entry
https://developer.joomla.org/security-centre/777-20190401-core-directory-traversal-in-com-media
Vendor Advisory
https://www.exploit-db.com/exploits/46710/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Версия от 1.5.0 (включая) до 3.9.4 (включая)

EPSS

Процентиль: 99%

0.84523

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-fg75-qw6g-52mj