- Project: Joomla!
- SubProject: CMS
- Impact: High
- Severity: Low
- Versions: 2.5.0 through 3.8.7
- Exploit type: Malicious file upload
- Reported Date: 2018-March-14
- Fixed Date: 2018-May-22
- CVE Number: CVE-2018-11322
Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
Joomla! CMS versions 2.5.0 through 3.8.7
Upgrade to version 3.8.8
The JSST at the Joomla! Security Centre.
Reported By: Demis Palma, JSST