Description
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2010-2419 Vulnerability (CVE-2010-2419)
WordPress Plugin WPML (WordPress Multilingual) Cross-Site Scripting (3.2.6)
WordPress Plugin LifterLMS-WP LMS for eLearning, Online Courses, & Quizzes Security Bypass (4.21.1)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-9787)