CVE-2015-8564

Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html	Vendor Advisory
https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:joomla:joomla\!:3.4.0:::::::*
	cpe:2.3:a:joomla:joomla\!:3.4.1:::::::*
	cpe:2.3:a:joomla:joomla\!:3.4.3:::::::*
	cpe:2.3:a:joomla:joomla\!:3.4.4:::::::*
	cpe:2.3:a:joomla:joomla\!:3.4.5:::::::*

History

21 Nov 2024, 02:38

Type	Values Removed	Values Added
References	~~() https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html - Vendor Advisory~~	() https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html - Vendor Advisory

Information

Published : 2015-12-16 21:59

Updated : 2024-11-21 02:38

NVD link : CVE-2015-8564

Mitre link : CVE-2015-8564

CVE.ORG link : CVE-2015-8564

JSON object : View

Products Affected

joomla

joomla\!

CWE

CWE-20

Improper Input Validation

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2015-8564", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-12-16T21:59:08.860", "references": [{"url": "https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en Joomla! 3.4.x en versiones anteriores a 3.4.6 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de secuencias de salto de directorio en el archivo de instalaci\u00f3n XML en un archivo del paquete de ampliaci\u00f3n."}], "lastModified": "2024-11-21T02:38:44.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA20940F-8056-4F18-8D8A-4CE1EE22327E"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA6D81D1-16F7-448B-BA23-C24AAAE1A096"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E76ADE1-A88F-468B-8D9C-72B90AF2A75A"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98475DA0-9D72-4952-878B-4DD619132E66"}, {"criteria": "cpe:2.3:a:joomla:joomla\\!:3.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D6C4C68-E526-408F-A54D-86CB3E5D800F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}