• Project: Joomla!
  • SubProject: CMS
  • Impact: High
  • Severity: Low
  • Versions: 2.5.0 through 3.8.7
  • Exploit type: Malicious file upload
  • Reported Date: 2018-March-14
  • Fixed Date: 2018-May-22
  • CVE Number: CVE-2018-11322


Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.8.7


Upgrade to version 3.8.8


The JSST at the Joomla! Security Centre.

Reported By: Demis Palma, JSST