CVE-2019-10945

Critical

Description

An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.

References

https://www.exploit-db.com/exploits/46710/

https://developer.joomla.org/security-centre/777-20190401-core-directory-traversal-in-com-media

http://packetstormsecurity.com/files/152515/Joomla-3.9.4-Arbitrary-File-Deletion-Directory-Traversal.html

Details

Source: Mitre, NVD

Published: 2019-04-10

Updated: 2019-04-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical