[20210308] - Core - Path Traversal within joomla/archive zip class
- Details
- Joomla RSS Feed
- Kategorie: Joomla News
Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.0.0 - 3.9.24 Exploit type: Path Traversal Reported Date: 2020-09-08 Fixed Date: 2021-03-02 CVE Number: CVE-2021-26028 Description Extracting an specifilcy crafted zip package could write files outside of the intended path. Affected Installs Joomla! CMS versions 3.0.0 - 3.9.24 Solution Upgrade to version 3.9.25 Contact The JSST at the Joomla! Security Centre. Reported By: Šarūnas Paulauskas
- Zugriffe: 371