CVE-2020-37219— Joomla com_fabrik 3.9.11 Directory Traversal via image.php

CVSS 7.5 · High EPSS 0.25% · P49 Updated May 15, 2026

Possible ATT&CK Techniques 2AI

T1083 · File and Directory Discovery T1083.002

Affected Version Matrix 1

Vendor	Product	Version Range	Status
Fabrikar	com_fabrik	`3.9.11`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-37219

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Joomla com_fabrik 3.9.11 Directory Traversal via image.php

Source: NVD (National Vulnerability Database)

Vulnerability Description

Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files in system directories outside the intended web root.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

对路径名的限制不恰当(路径遍历)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Joomla com_fabrik 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Joomla com_fabrik是Fabrik团队的一个面向Joomla网站数据表单、数据库应用与业务流程构建的扩展组件。 Joomla com_fabrik 3.9.11版本存在路径遍历漏洞，该漏洞源于目录遍历问题，可能导致未经身份验证的攻击者通过操纵folder参数列出任意文件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Fabrikar	com_fabrik	3.9.11	-

II. Public POCs for CVE-2020-37219

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-37219

请登录查看更多情报信息。

https://www.exploit-db.com/exploits/48263exploit
https://fabrikar.com/downloadsproduct
https://fabrikar.com/product
https://www.vulncheck.com/advisories/joomla-com-fabrik-directory-traversal-via-image-phpthird-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2020-37219

IV. Related Vulnerabilities

Same weakness: CWE-22

V. Comments for CVE-2020-37219

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-37219— Joomla com_fabrik 3.9.11 Directory Traversal via image.php

Possible ATT&CK Techniques 2AI

Affected Version Matrix 1

I. Basic Information for CVE-2020-37219

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-37219

III. Intelligence Information for CVE-2020-37219

IV. Related Vulnerabilities

V. Comments for CVE-2020-37219

Leave a comment