PT-2009-5625 · Joomla · Joomla! Com Album

Dreamturk

Published

2009-09-23

Updated

2017-09-19

CVE-2009-3318

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Joomla! com album component version 1.14

Description A directory traversal issue allows remote attackers to access arbitrary directories and potentially have other unspecified impacts by using a .. (dot dot) in the target parameter to "index.php".

Recommendations For version 1.14, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation. Avoid using the target parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2009-3318

Affected Products

Joomla! Com Album

PT-2009-5625 · Joomla · Joomla! Com Album

CVE-2009-3318

Weakness Enumeration

Related Identifiers

Affected Products

References · 4