- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 1.5.0 through 3.9.4
- Exploit type: Directory Traversal
- Reported Date: 2019-March-13
- Fixed Date: 2019-April-08
- CVE Number: CVE-2019-10945
The Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory.
Joomla! CMS versions 1.5.0 through 3.9.4
Upgrade to version 3.9.5
The JSST at the Joomla! Security Centre.
Reported By: Haboob Research Team