Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Joomla! K2组件访问控制错误漏洞
Vulnerability Description
Joomla!是美国Open Source Matters团队开发的一套开源的内容管理系统(CMS),该系统提供RSS馈送、网站搜索等功能。K2是使用在其中的一个文章系统组件,该组件支持图片显示和评论等功能。 Joomla! K2组件2.8.0版本中存在访问控制错误漏洞。攻击者可利用该漏洞下载任意文件。
CVSS Information
N/A
Vulnerability Type
N/A