Description

An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.

Remediation

References

CVE-2019-10945

Related Vulnerabilities

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-7873)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43705)

GeoServer Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-7227)

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Cross-Site Scripting (4.7.4)

WordPress Plugin Events Manager Multiple Vulnerabilities (5.9.7.3)

Severity

Critical

Classification

CVE-2019-10945 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities