CVE-2021-26028: Path Traversal in Joomla!

CWE-22: Path Traversal | 4 documents | 4 sources
Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 99.09%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 4
Latest update: Mar 24

Description

An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting a specifically crafted zip package could write files outside of the intended path.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD | joomla/joomla_! | 3.0.0 | 3.9.25
CVEListV5 | joomla!_project/joomla!_cms | 3.0.0-3.9.24
Packagist | joomla/archive | < 1.1.10

Vulnerability Details (3)

OSV | Path Traversal within joomla/archive zip class | 2021-03-24
GHSA | Path Traversal within joomla/archive zip class | 2021-03-24
CVEList | [20210308] - Core - Path Traversal within joomla/archive zip class | 2021-03-04