• Project: Joomla!
• SubProject: CMS
• Impact: Moderate
• Severity: Low
• Versions: 3.0.0 - 3.9.24
• Exploit type: Improper Input Validation
• Reported Date: 2020-02-17
• Fixed Date: 2021-03-02
• CVE Number: CVE-2021-23132

Description

com_media allowed paths that are not intended for image uploads.

Affected Installs

Joomla! CMS versions 3.0.0 - 3.9.24

Solution

Upgrade to version 3.9.25

Contact

The JSST at the Joomla! Security Centre.