Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2019-10945

Date: April 10, 2019

An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.

Language: PHP

Severity Score

Related Resources (7)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10945
http://packetstormsecurity.com/files/152515/Joomla-3.9.4-Arbitrary-File-Deletion-Directory-Traversal.html
https://developer.joomla.org/security-centre/777-20190401-core-directory-traversal-in-com-media
https://nvd.nist.gov/vuln/detail/CVE-2019-10945
https://github.com/joomla/joomla-cms/commit/1547f8e76000a22d9befc2551ca9929f5d2d0c56
https://www.exploit-db.com/exploits/46710/
https://www.mend.io/vulnerability-database/CVE-2019-10945

Severity Score

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us