CVE-2021-23132

Published: 04/03/2021 Updated: 05/03/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

An issue exists in Joomla! 3.0.0 up to and including 3.9.24. com_media allowed paths that are not intended for image uploads

Vulnerable Product	Search on Vulmon	Subscribe to Product
joomla joomla\\!

Directory traversal in com_media to RCE

Made by HK CVE-2020-24597: Directory traversal in com_media to RCE Note: Because Joomla core 3921 fixed improperly, therefore this bug has't patched improperly I can bypass this patch eseaily I want to keep this secret until this bug will have been fixed completely Link developerjoomlaorg/security-centre/827-20200803-core-directory-traversal-in-com-mediahtm

com_media allowed paths that are not intended for image uploads to RCE

CVE-2021-23132 com_media allowed paths that are not intended for image uploads to RCE CVE-2020-24597 Directory traversal in com_media to RCE Two CVEs are the same PoC (Full) Affected version: Joomla core <=3924 User requirement: Admin account (Not Superadmin) Gain access: Create superadmin, then trigger RCE Remote Code Execution (RCE) in Joomla Run cve-2021-23132py

NVD-CWE-noinfo https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html https://nvd.nist.gov https://github.com/HoangKien1020/CVE-2020-24597

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-23132

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect