An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/166546/Joomla-4.1.0-Zip-Slip-File-Overwrite-Path-Traversal.html | Exploit Third Party Advisory VDB Entry |
https://developer.joomla.org/security-centre/870-20220301-core-zip-slip-within-the-tar-extractor.html | Vendor Advisory |
http://packetstormsecurity.com/files/166546/Joomla-4.1.0-Zip-Slip-File-Overwrite-Path-Traversal.html | Exploit Third Party Advisory VDB Entry |
https://developer.joomla.org/security-centre/870-20220301-core-zip-slip-within-the-tar-extractor.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:49
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/166546/Joomla-4.1.0-Zip-Slip-File-Overwrite-Path-Traversal.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://developer.joomla.org/security-centre/870-20220301-core-zip-slip-within-the-tar-extractor.html - Vendor Advisory |
Information
Published : 2022-03-30 16:15
Updated : 2024-11-21 06:49
NVD link : CVE-2022-23793
Mitre link : CVE-2022-23793
CVE.ORG link : CVE-2022-23793
JSON object : View
Products Affected
joomla
- joomla\!
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')