Joomla : Security Vulnerabilities, CVEs, Published In 2019 (Directory traversal) CVSS score >= 8
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
Max CVSS
9.8
EPSS Score
2.75%
Published
2019-05-09
Updated
2021-10-01
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
Max CVSS
9.8
EPSS Score
90.17%
Published
2019-04-10
Updated
2019-04-17
2 vulnerabilities found