Arbitrary File Extension Vulnerability in Joomla Media Manager
CVE-2025-22213
7.1HIGH
Summary
A vulnerability within the Joomla Media Manager allows users with editing privileges to change file extensions to arbitrary formats, including .php and other executable extensions. This flaw can potentially lead to unauthorized file uploads, increasing the risk of malicious code execution and compromising server security. Proper input validation measures must be reinforced to prevent such security breaches.
Affected Version(s)
Joomla! CMS 4.0.0-4.4.11
Joomla! CMS 5.0.0-5.2.4
References
CVSS V4
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
ErPaciocco