- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 1.5.0 through 3.9.4
- Exploit type: Directory Traversal
- Reported Date: 2019-March-13
- Fixed Date: 2019-April-08
- CVE Number: CVE-2019-10945
Description
The Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory.
Affected Installs
Joomla! CMS versions 1.5.0 through 3.9.4
Solution
Upgrade to version 3.9.5
Contact
The JSST at the Joomla! Security Centre.
Reported By: Haboob Research Team