WEB APPLICATION VULNERABILITIES Standard & Premium

Joomla! Core 3.x.x Directory Traversal (3.0.0 - 3.9.24)

Description

Joomla! Core is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. Joomla! Core versions 3.x.x ranging from 3.0.0 and up to and including 3.9.24 are vulnerable.

Remediation

Update to Joomla! Core version 3.9.25 or latest

References

https://github.com/HoangKien1020/CVE-2021-23132

https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html

Related Vulnerabilities

WordPress Plugin WPBakery Page Builder Clipboard Cross-Site Scripting (4.5.5)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-8865)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-0215)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43703)

WordPress 5.6.x Multiple Vulnerabilities (5.6 - 5.6.8)

Severity

High

Classification

CVE-2021-23132 CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Directory Traversal