• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Versions: 1.5.0 through 3.9.4
• Exploit type: Directory Traversal
• Reported Date: 2019-March-13
• Fixed Date: 2019-April-08
• CVE Number: CVE-2019-10945


The Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory.
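
The kind of containment check whose absence the description above refers to, as an added example: this is not Joomla's code or the 3.9.5 patch, and the function name `resolveMediaFolder` and the directory tree are constructed for illustration. It canonicalises the requested folder and accepts it only if the result is still inside the media root.

```php
<?php
// Added illustration, not Joomla code. resolveMediaFolder() is a hypothetical helper.

/**
 * Resolve a user-supplied folder against the media root.
 * Returns the canonical directory path, or null if it is missing or outside the root.
 */
function resolveMediaFolder(string $mediaRoot, string $folder): ?string
{
    $root = realpath($mediaRoot);
    if ($root === false || strpos($folder, "\0") !== false) {
        return null; // unusable root, or NUL byte in the parameter
    }

    // realpath() collapses "." and ".." and follows symlinks; false if the path does not exist.
    $candidate = realpath($root . DIRECTORY_SEPARATOR . $folder);
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }

    // Compare against the root plus a trailing separator, so that a sibling such as
    // "images-private" is not accepted just because it shares the prefix "images".
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($candidate !== $root && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $candidate;
}

// Constructed sample tree: the media root is <tmp>/images, with siblings outside it.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'media_demo_' . uniqid();
$dirs = ['/images/banners', '/images-private', '/configuration'];
foreach ($dirs as $d) {
    mkdir($base . $d, 0700, true);
}
$root = $base . '/images';

// Constructed folder parameter values: two legitimate, three traversals, one missing.
$samples = ['banners', '', '../configuration', 'banners/../../configuration',
            '../images-private', 'missing'];
foreach ($samples as $folder) {
    $ok = resolveMediaFolder($root, $folder) !== null;
    printf("%-32s %s\n", var_export($folder, true), $ok ? 'allowed' : 'rejected');
}

// Remove the sample tree again (children before parents).
foreach (['/images/banners', '/images', '/images-private', '/configuration', ''] as $d) {
    rmdir($base . $d);
}
```

Only `banners` and the empty string (the root itself) pass; the check is done on the canonical path rather than by filtering `..` out of the input string.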

Affected Installs

Joomla! CMS versions 1.5.0 through 3.9.4


Upgrade to version 3.9.5


The JSST at the Joomla! Security Centre.

Reported By: Haboob Research Team