An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting a specifically crafted tar package could write files outside of the intended path.
Max CVSS
7.5
EPSS Score
0.20%
Published
2022-03-30
Updated
2022-04-05
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting a specifically crafted zip package could write files outside of the intended path.
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-03-04
Updated
2021-03-10
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
Max CVSS
7.5
EPSS Score
0.28%
Published
2020-12-28
Updated
2020-12-30
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
Max CVSS
5.3
EPSS Score
0.15%
Published
2019-12-18
Updated
2019-12-19
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
Max CVSS
9.8
EPSS Score
2.75%
Published
2019-05-09
Updated
2021-10-01
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
Max CVSS
9.8
EPSS Score
90.17%
Published
2019-04-10
Updated
2019-04-17
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
Max CVSS
7.5
EPSS Score
0.47%
Published
2015-12-16
Updated
2015-12-17
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.
Max CVSS
7.5
EPSS Score
0.47%
Published
2015-12-16
Updated
2015-12-17
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header.
Max CVSS
5.0
EPSS Score
3.11%
Published
2009-01-09
Updated
2017-09-29
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
Max CVSS
9.0
EPSS Score
1.02%
Published
2008-10-22
Updated
2017-09-29
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
Max CVSS
5.0
EPSS Score
2.60%
Published
2007-08-23
Updated
2017-09-29
11 vulnerabilities found