PT-2018-11347 · Joomla · Joomla!

Davide Tampellini · Published 2018-06-26 · Updated 2018-08-20 · CVE-2018-12712

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Joomla! versions 2.5.0 through 3.8.8

Description

An issue was discovered where the autoload code checks that class names are valid using the class_exists function in PHP. In PHP 5.3, this function treats invalid names as valid, which can result in a Local File Inclusion.

Recommendations

For Joomla! versions 2.5.0 through 3.8.8, update to version 3.8.9 or later to resolve the issue.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2018-12712

Affected Products

Joomla!