PT-2022-16265 · Joomla · Joomla!

Egidio Romano

Published

2022-03-30

Updated

2025-04-03

CVE-2022-23793

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Joomla! versions 3.0.0 through 3.10.6 Joomla! versions 4.0.0 through 4.1.0

Description An issue was discovered where extracting a specifically crafted tar package could write files outside of the intended path.

Recommendations For Joomla! versions 3.0.0 through 3.10.6, update to a version outside of this range to resolve the issue. For Joomla! versions 4.0.0 through 4.1.0, update to a version outside of this range to resolve the issue.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BIT-JOOMLA-2022-23793

CVE-2022-23793

GHSA-JM67-JH3G-CG3F

Affected Products

Joomla!

PT-2022-16265 · Joomla · Joomla!

CVE-2022-23793

Weakness Enumeration

Related Identifiers

Affected Products

References · 8