PT-2018-17532 · Joomla · Joomla! Picture Calendar

Ihsan Sencan

Published

2018-01-30

Updated

2018-02-15

CVE-2018-6397

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Joomla! Picture Calendar version 3.1.4

Description A Directory Traversal issue exists in the Picture Calendar component for Joomla!. The issue is related to the folder parameter in the list.php file.

Recommendations For version 3.1.4, consider restricting access to the list.php file until a patch is available. As a temporary workaround, avoid using the folder parameter in the affected list.php file to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2018-6397

Affected Products

Joomla! Picture Calendar

PT-2018-17532 · Joomla · Joomla! Picture Calendar

CVE-2018-6397

Weakness Enumeration

Related Identifiers

Affected Products

References · 3