Joomla : Security Vulnerabilities Published In 2019 (Directory traversal)
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
| Max Base Score | 5.3 |
| Published | 2019-12-18 |
| Updated | 2019-12-19 |
| EPSS | 0.15% |
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
| Max Base Score | 9.8 |
| Published | 2019-05-09 |
| Updated | 2021-10-01 |
| EPSS | 1.41% |
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
| Max Base Score | 9.8 |
| Published | 2019-04-10 |
| Updated | 2019-04-17 |
| EPSS | 94.84% |
3 vulnerabilities found