Description

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.

Remediation

References

CVE-2022-23799

Related Vulnerabilities

Piwigo Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2012-2208)

WordPress Plugin WPZOOM Portfolio Cross-Site Scripting (1.2.1)

WordPress Plugin UpiCRM-Free WordPress CRM and Lead Management Information Disclosure (2.1.8.5)

WordPress Plugin Simple Ads Manager Arbitrary File Upload (2.5.94)

WordPress Plugin FooBox Image Lightbox Cross-Site Scripting (1.0.4)

Severity

Critical

Classification

CVE-2022-23799

Tags

Missing Update Known Vulnerabilities