Thursday, March 4, 2021

Joomla!: [20210308] - Core - Path Traversal within joomla/archive zip class (CVE-2021-26028)

Description
Extracting an specifilcy crafted zip package could write files outside of the intended path.
Solution(s)
  • joomla-upgrade-3_9_25


  • References
  • https://attackerkb.com/topics/cve-2021-26028
  • CVE - 2021-26028
  • http://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html




  •  

    Copyright © 2020 Cyber Details - Vulnerability Database™

    Thanks for everything Templateism - You should have written the code a little more complicated