Description
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
Remediation
References
Related Vulnerabilities
WordPress Plugin Digital Publications by Supsystic Multiple Vulnerabilities (1.6.9)
WordPress Plugin WordPress Simple Shopping Cart Cross-Site Request Forgery (3.5)
Moodle Other Vulnerability (CVE-2010-1616)
Drupal Core 9.1.x Cross-Site Scripting (9.1.0 - 9.1.6)
WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.9.51)