Directory Traversal in Joomla! Media Manager Component
CVE-2019-10945

9.8CRITICAL

Key Information:

Vendor

Joomla
Status
Joomla\!
Vendor
CVE Published:
10 April 2019

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 85%

What is CVE-2019-10945?

A flaw was identified in the Joomla! Media Manager component prior to version 3.9.5. This vulnerability allows attackers to exploit improper sanitization of the folder parameter, potentially gaining access to files and directories outside the intended media manager directory. This can lead to unauthorized data exposure and file manipulation, significantly compromising the security of Joomla! installations.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-10945
Created by dpgg101

CVE-2019-10945
Created by Snizi

References

https://developer.joomla.org/security-centre/777-20190401...
x_refsource_MISC
https://www.exploit-db.com/exploits/46710/
exploitx_refsource_EXPLOIT-DB
http://packetstormsecurity.com/files/152515/Joomla-3.9.4-...
x_refsource_MISC

EPSS Score

85% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-10945 : Directory Traversal in Joomla! Media Manager Component