What the vulnerability does
01Description
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
What the vulnerability does
An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.
Explanation of Vulnerability in Simple Terms
A path traversal vulnerability in Joomla! CMS 4.0.0 through 5.4.5 allows an attacker with high-level privileges to read files outside the intended directory. The vulnerability requires network access and high administrative permissions. Site owners should update to a version newer than 5.4.5 to remediate this issue.
What an attacker can do
Read files outside the intended directory on the server.
Potential impact on your site
An admin account compromise could expose sensitive files like configuration or database credentials.
Conditions required to exploit
Attacker must have high-level administrative privileges on the Joomla site.
Key dates
External resources
Related vulnerabilities