Description

An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.

Remediation

References

CVE-2019-10945

Related Vulnerabilities

WordPress Plugin PixCodes Cross-Site Scripting (2.3.6)

TYPO3 Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-26229)

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.11)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2021-21347)

WordPress 'wp-trackback.php' SQL Injection Vulnerability (1.5)

Severity

Critical

Classification

CVE-2019-10945 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities