CVE-2021-26028

MEDIUM5.5EPSS 0.01%

[20210308] - Core - Path Traversal within joomla/archive zip class

Published: 3/24/2021Modified: 5/20/2025

Description

An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.

Affected packages (2)

CVSS scores

SourceVersionSeverityVector
osvCVSS 3.1MEDIUM5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References (4)