Description

An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.

Remediation

References

CVE-2019-10945

Related Vulnerabilities

Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2009-1891)

WordPress Plugin Contact Form by WPForms-Drag & Drop Form Builder for WordPress Cross-Site Scripting (1.4.7.2)

WordPress Plugin Backup Migration Information Disclosure (1.3.5)

Squid Improper Input Validation Vulnerability (CVE-2020-25097)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7370)

Severity

Critical

Classification

CVE-2019-10945 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities