CVE-2021-23132 - Vulnerability Details - OpenCVE

ReportizFlow

An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Joomla	Joomla\!

Configuration 1 [-]

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: Joomla

Published: 2021-03-04T17:37:14.907908Z

Updated: 2024-09-17T03:53:00.432Z

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-23132

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-03-04T18:15:13.660

Modified: 2024-11-21T05:51:15.967

Link: CVE-2021-23132

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Joomla! CMS", "vendor": "Joomla! Project", "versions": [{"status": "affected", "version": "3.0.0-3.9.24"}]}], "datePublic": "2021-03-02T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads"}], "problemTypes": [{"descriptions": [{"description": "Improper Input Validation", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "shortName": "Joomla", "dateUpdated": "2024-08-04T08:43:08.799Z"}, "references": [{"tags": ["x_refsource_MISC", "vendor-advisory"], "url": "https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html"}], "title": "[20210306] - Core - com_media allowed paths that are not intended for image uploads", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "DATE_PUBLIC": "2021-03-02T16:00:00", "ID": "CVE-2021-23132", "STATE": "PUBLIC", "TITLE": "[20210306] - Core - com_media allowed paths that are not intended for image uploads"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Joomla! CMS", "version": {"version_data": [{"version_value": "3.0.0-3.9.24"}]}}]}, "vendor_name": "Joomla! Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html", "refsource": "MISC", "url": "https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:58:26.243Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "vendor-advisory", "x_transferred"], "url": "https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html"}]}]}, "cveMetadata": {"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "assignerShortName": "Joomla", "cveId": "CVE-2021-23132", "datePublished": "2021-03-04T17:37:14.907908Z", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-09-17T03:53:00.432Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF63EE1-BB31-4FA3-92C9-DEE16081A60C", "versionEndExcluding": "3.9.25", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads"}, {"lang": "es", "value": "Se detect\u00f3 un problema en Joomla! versiones 3.0.0 hasta 3.9.24. com_media permiti\u00f3 rutas que no est\u00e1n destinadas a una carga de im\u00e1genes"}], "id": "CVE-2021-23132", "lastModified": "2024-11-21T05:51:15.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2021-03-04T18:15:13.660", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}