Описание
An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit this vulnerability with the "Send me a copy" option to receive any files of the filesystem via email.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
EPSS
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit this vulnerability with the "Send me a copy" option to receive any files of the filesystem via email.
EPSS
5.3 Medium
CVSS3
5 Medium
CVSS2