CVE-2018-11322

Published: May 22, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.

Affected (1)

Products: Joomla: Joomla!

Joomla

1 product

Joomla!

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Joomla Joomla!	Before 3.8.8

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

http://www.securityfocus.com/bid/104272

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040966

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://developer.joomla.org/security-centre/730-20180502-core-add-phar-files-to-the-upload-blacklist.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/104272

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040966

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://developer.joomla.org/security-centre/730-20180502-core-add-phar-files-to-the-upload-blacklist.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.