What the vulnerability does
01Description
An improper validation of user-supplied input leads to a local file inclusion vulnerability.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
What the vulnerability does
An improper validation of user-supplied input leads to a local file inclusion vulnerability.
Explanation of Vulnerability in Simple Terms
A path traversal vulnerability in Joomla! CMS versions 3.2.1 through 5.4.5 allows authenticated administrators to read or access files outside the intended directory structure. An attacker with high-level administrative privileges can exploit this by crafting malicious file paths. This vulnerability requires network access and administrator credentials to exploit.
What an attacker can do
Read or access files outside the intended directory on the server.
Potential impact on your site
An administrator account compromise could expose sensitive files on your server outside the web root.
Conditions required to exploit
Attacker must have high-level administrator credentials and network access to the Joomla site.
Key dates
External resources
Related vulnerabilities