[20220801] - Core - Multiple Full Path Disclosures because of missing '_JEXEC or die check'

Project: Joomla!
SubProject: CMS
Impact: Low
Severity: Low
Probability: Low
Versions: 4.2.0
Exploit type: Path Disclosure
Reported Date: 2022-08-27
Fixed Date: 2022-08-30
CVE Number: CVE-2022-27911

Description

Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes done in 4.2.0. According to PROD2020/023 and in coordination with the JSST this has been patched in the public tracker vis #38615

Affected Installs

Joomla! CMS versions 4.2.0

Solution

Upgrade to version 4.2.1

Contact

The JSST at the Joomla! Security Centre.

Reported By: SharkyKZ