Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Joomla Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-26028)

Description

An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.

Remediation

References

Related Vulnerabilities

e107 Other Vulnerability (CVE-2005-1949)

WordPress Plugin Automattic Stats Referer Field HTML Injection (1.0)

WebLogic CVE-2017-10148 Vulnerability (CVE-2017-10148)

WordPress Plugin Spreadsheet (wpSS) 'ss_id' Parameter SQL Injection (0.61)

WordPress Plugin ActiveCampaign-Forms, Site Tracking, Live Chat Unspecified Vulnerability (5.7)

Severity

Medium

Classification

CVE-2021-26028 CWE-22 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities