PT-2018-18095 · Joomla · K2

Published 2018-02-28 · Updated 2024-08-05 · CVE-2018-7482

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: K2 component for Joomla! version 2.8.0

Description: The issue allows an unauthenticated attacker to download arbitrary files because of incorrect access control combined with directory traversal in the media-manager connector. This can be demonstrated by a request to "view=media&task=connector&cmd=file&target=l1 ../configuration.php&download=1", where the pathname ../configuration.php must be base64 encoded for the request to be valid. The vendor disputes this issue, stating that only files under the media-manager path can be downloaded and that sensitive information does not belong there.

Recommendations: For version 2.8.0, update to version 2.8.1, which adds blocking of .php downloads to reduce the risk of exploitation. As a temporary workaround, restrict access to the media-manager path to limit the exposure of sensitive files. Avoid using the target parameter of the affected API endpoint until the issue is resolved.
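As an added illustration (not code from the advisory, from Joomla or from the K2 project), the Python below shows the confinement check a file-serving connector should apply before honouring a download, and reuses it to flag suspicious connector requests in constructed sample request paths shaped like the one in the description. The media root and the "l1_" + URL-safe base64 target encoding are assumptions, not details given by the advisory.

```python
import base64
import os
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit
# Assumptions (not from the advisory): the media-manager root below, and the
# elFinder-style target format "l1_" + URL-safe base64 of the relative path.
MEDIA_ROOT = "/var/www/html/media/k2"
VOLUME_PREFIX = "l1_"

def decode_target(target: str) -> Optional[str]:
    """Decode a connector target into a relative path; None if malformed."""
    if not target.startswith(VOLUME_PREFIX):
        return None
    payload = target[len(VOLUME_PREFIX):]
    payload += "=" * (-len(payload) % 4)  # tolerate stripped padding
    try:
        return base64.urlsafe_b64decode(payload).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None

def is_confined(rel_path: str, root: str = MEDIA_ROOT) -> bool:
    """The check a hardened connector makes: does root/rel_path resolve inside root?"""
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, rel_path))
    return candidate == root or candidate.startswith(root + os.sep)

def flag_request(url: str) -> Optional[str]:
    """Return a reason if a connector 'file' request is suspicious, else None."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if q.get("task") != "connector" or q.get("cmd") != "file":
        return None
    rel = decode_target(q.get("target", ""))
    if rel is None:
        return "malformed target"
    if not is_confined(rel):
        return f"escapes media root: {rel}"
    if rel.lower().endswith(".php"):  # what the 2.8.1 fix blocks outright
        return f"php download: {rel}"
    return None

def scan_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (request, reason) for every flagged request path."""
    return [(ln, r) for ln in lines if (r := flag_request(ln))]

# Constructed sample request paths (not real traffic), shaped like the advisory's.
def make_target(rel: str) -> str:  # fixture helper: encode a path as a target
    return VOLUME_PREFIX + base64.urlsafe_b64encode(rel.encode()).decode().rstrip("=")
CONNECTOR = "/index.php?option=com_k2&view=media&task=connector&cmd=file&target="
SAMPLE_LOG = [CONNECTOR + make_target(p) + "&download=1"
              for p in ("images/logo.png", "../configuration.php", "upload/old-config.php")]
```

Run `scan_log` over the request paths extracted from an access log to get a list of the requests that either escape the media root or fetch a .php file.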

Exploit
Fix

Weakness Enumeration: Path traversal

Related Identifiers: CVE-2018-7482

Affected Products: K2