Description

An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.

Remediation

References

CVE-2019-10945

Related Vulnerabilities

WordPress Plugin Digital Publications by Supsystic Multiple Vulnerabilities (1.6.9)

WordPress Plugin WordPress Simple Shopping Cart Cross-Site Request Forgery (3.5)

Moodle Other Vulnerability (CVE-2010-1616)

Drupal Core 9.1.x Cross-Site Scripting (9.1.0 - 9.1.6)

WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.9.51)

Severity

Critical

Classification

CVE-2019-10945 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities