Description
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Social Login PHP Object Injection (2.6.3)
PHP Other Vulnerability (CVE-2002-0121)
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0)
MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-19709)
qdPM Sensitive Information Disclosure Vulnerability (CVE-2015-3882)