Description
Extracting an specifilcy crafted zip package could write files outside of the intended path.
Solution(s)
joomla-upgrade-3_9_25
Referenceshttps://attackerkb.com/topics/cve-2021-26028 CVE - 2021-26028 http://developer.joomla.org/security-centre/848-20210308-core-path-traversal-within-joomla-archive-zip-class.html