CVE-2019-10945

Published: 10/04/2019 Updated: 17/04/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in Joomla! prior to 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing malicious users to act outside the media manager root directory.

Vulnerable Product

joomla joomla\!

Exploits

# Exploit Title: Joomla Core (1.5.0 through 3.9.4) - Directory Traversal && Authenticated Arbitrary File Deletion # Date: 2019-March-13 # Exploit Author: Haboob Team # Web Site: haboob.sa # Email: research@haboob.sa # Software Link: www.joomla.org/ # Versions: Joomla 1.5.0 through Joomla 3.9.4 # CVE : CVE-2019-10945 # cvemi ...
Joomla versions 1.5.0 through 3.9.4 suffer from arbitrary file deletion and directory traversal vulnerabilities ...

Github Repositories

Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion in Python3

Code Conversion to Python 3: This code is taken from Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion and was converted to Python 3 to suit the exercise in Academy for Module "Attacking Common Applications" and section "Attacking Joomla". The original code was written in Python 2, but it has been converted using the 2