Description
Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files in system directories outside the intended web root.
Published: 2026-05-13
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Fabrikar's com_fabrik 3.9.11 exposes an image.php endpoint whose onAjax_files method takes a folder parameter and builds a filesystem path from it without confining the result to the intended directory (CWE-22). An unauthenticated attacker can send a GET request whose folder value contains ../ sequences and receive a listing of a directory outside the web root. The CVE description covers listing of files, and both CVSS vectors rate the confidentiality impact as high: a directory listing reveals file names and layout, including the presence of items such as configuration files or backups, which is information-disclosure that guides further attacks.
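The following is an added illustration of the CWE-22 pattern described above, written for this page; it is not code from com_fabrik or the Fabrikar project. It contrasts a naive "join the folder parameter onto a base directory" resolver with a hardened one that percent-decodes repeatedly, rejects absolute paths and null bytes, canonicalises with realpath and checks containment with commonpath. The directory layout (media/uploads as the base, a sibling secret directory) is constructed for the demo and assumes nothing about a real Joomla install.

```python
import os
import posixpath
import tempfile
import urllib.parse


def decode_param(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so that %2e%2e and %252e%252e both
    surface as '..' before any path logic runs."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_folder_unsafe(base: str, folder: str) -> str:
    """The CWE-22 pattern: user input appended to a base directory and
    normalised, so '..' segments walk out of base. Illustrative only."""
    return os.path.normpath(os.path.join(base, decode_param(folder)))


def resolve_folder_safe(base: str, folder: str) -> str:
    """Canonicalise the candidate path and refuse anything not inside base."""
    folder = decode_param(folder).replace("\\", "/")
    if "\x00" in folder:
        raise ValueError("null byte in folder parameter")
    if posixpath.isabs(folder):
        raise ValueError("absolute folder not allowed")
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, folder))
    # commonpath, not startswith: '/var/www' must not accept '/var/www2'
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError(f"folder escapes base directory: {folder!r}")
    return candidate


def list_folder(base: str, folder: str) -> list[str]:
    """What a hardened listing handler does: validate first, then listdir."""
    return sorted(os.listdir(resolve_folder_safe(base, folder)))


def build_demo_tree() -> tuple[str, str]:
    """Constructed layout for the demo (not a real Joomla install):
    <tmp>/media/uploads is the intended base, <tmp>/secret sits outside it."""
    root = tempfile.mkdtemp(prefix="traversal-demo-")
    base = os.path.join(root, "media", "uploads")
    secret = os.path.join(root, "secret")
    os.makedirs(os.path.join(base, "gallery"))
    os.makedirs(secret)
    for name in (os.path.join(base, "gallery", "a.jpg"),
                 os.path.join(secret, "configuration.php")):
        open(name, "w").close()
    return base, secret


def demo() -> dict:
    """Run the unsafe and safe resolvers against the same traversal inputs."""
    base, secret = build_demo_tree()
    results = {"unsafe_escapes": {}, "safe_blocks": {}}
    for payload in ("../../secret", "..%2F..%2Fsecret", "%252e%252e/%252e%252e/secret"):
        escaped = resolve_folder_unsafe(base, payload)
        results["unsafe_escapes"][payload] = (
            os.path.realpath(escaped) == os.path.realpath(secret))
        try:
            resolve_folder_safe(base, payload)
            results["safe_blocks"][payload] = False
        except ValueError:
            results["safe_blocks"][payload] = True
    # legitimate inputs, including a '..' that stays inside the base, still work
    results["legit_listing"] = list_folder(base, "gallery")
    results["legit_dotdot_inside"] = list_folder(base, "gallery/../gallery")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The realpath step matters as much as the containment check: it resolves symlinks, so a symlink placed inside the base that points outside it is caught too, whereas a purely lexical normpath check would let it through.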

Affected Systems

The affected product is Fabrikar's com_fabrik component for Joomla (CPE product name fabrik), version 3.9.11. The flaw is in the component's image.php script. No other versions are listed as affected in the record.

Risk and Exploitability

The CVSS v4.0 score is 8.7 (High); the v3.1 vector for the same issue scores 7.5. EPSS is below 1%, and the CVE is not in CISA's KEV catalog, although the SSVC assessment records public proof-of-concept exploitation ('poc') and marks it automatable. The attack vector is network (AV:N): an unauthenticated HTTP GET with a crafted folder parameter, sent from anywhere that can reach the Joomla site, is sufficient, and no privileges or user interaction are required, so enumeration is straightforward to script.

Generated by OpenCVE AI on May 13, 2026 at 16:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade com_fabrik to a release that corrects the path traversal once one is available; at the time of writing the record lists no fixed version.
  • Until then, restrict unauthenticated access to the image.php endpoint using Joomla's ACL, or add web server rules that block GET requests to that resource; confirm afterwards that legitimate image browsing in the component still works.
  • Monitor web server logs for abnormal file enumeration activity against image.php (folder values containing ../ or its encoded forms), and consider web application firewall rules that detect and block path-traversal patterns, remembering that single- and double-percent-encoded sequences must be decoded before matching.
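As an added example of the log monitoring recommended above (not part of the OpenCVE page or the Fabrik project), the script below scans combined-format access log lines for requests to image.php whose folder parameter, after repeated percent-decoding, contains a dot-dot segment, an absolute path or a null byte, and tallies the offending source addresses. The sample log lines are constructed; the /components/com_fabrik/image.php location and the bare ?folder= query shape are assumptions made for illustration, so adjust the endpoint and parameter names to what your own logs show.

```python
import re
import urllib.parse
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Apache/nginx "combined" format: ip ident user [ts] "METHOD target proto" status size
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines. The image.php location and the ?folder= query
# shape are assumptions for illustration, not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [13/May/2026:16:40:01 +0000] "GET /components/com_fabrik/image.php?folder=../../../../etc HTTP/1.1" 200 1843
203.0.113.7 - - [13/May/2026:16:40:02 +0000] "GET /components/com_fabrik/image.php?folder=..%2F..%2F..%2Fadministrator HTTP/1.1" 200 912
198.51.100.4 - - [13/May/2026:16:41:10 +0000] "GET /components/com_fabrik/image.php?folder=gallery%2F2026 HTTP/1.1" 200 512
198.51.100.4 - - [13/May/2026:16:41:11 +0000] "GET /index.php?option=com_content&view=article&id=12 HTTP/1.1" 200 7012
203.0.113.7 - - [13/May/2026:16:42:00 +0000] "GET /components/com_fabrik/image.php?folder=%252e%252e%252f%252e%252e%252fvar HTTP/1.1" 200 300
203.0.113.7 - - [13/May/2026:16:42:05 +0000] "GET /components/com_fabrik/image.php?folder=/etc HTTP/1.1" 200 300
"""


@dataclass
class Finding:
    ip: str
    ts: str
    folder: str   # fully decoded value of the folder parameter
    reason: str


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded '..' is visible."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def traversal_reason(folder: str) -> Optional[str]:
    """Return why a decoded folder value is suspicious, or None if benign."""
    norm = folder.replace("\\", "/")
    if "\x00" in norm:
        return "null byte"
    if norm.startswith("/"):
        return "absolute path"
    if any(seg == ".." for seg in norm.split("/")):
        return "dot-dot segment"
    return None


def analyze_log(text: str, endpoint: str = "image.php") -> list[Finding]:
    """Flag requests to `endpoint` whose folder parameter looks like traversal."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m["target"].partition("?")
        if not path.endswith("/" + endpoint):
            continue
        # parse_qs decodes once; decode_fully then catches %25-encoded layers
        params = urllib.parse.parse_qs(query, keep_blank_values=True)
        for raw in params.get("folder", []):
            folder = decode_fully(raw)
            reason = traversal_reason(folder)
            if reason:
                findings.append(Finding(m["ip"], m["ts"], folder, reason))
    return findings


def offenders(findings: list[Finding]) -> dict[str, int]:
    """Count suspicious requests per source address."""
    return dict(Counter(f.ip for f in findings))


if __name__ == "__main__":
    hits = analyze_log(SAMPLE_LOG)
    for h in hits:
        print(f"{h.ts} {h.ip} folder={h.folder!r} ({h.reason})")
    print("per-source counts:", offenders(hits))
```

Matching on the decoded folder value rather than on the raw request line is the point: a regex for the literal string `../` in the log misses `..%2F` and `%252e%252e%252f`, which a traversal scanner will try first once the plain form is blocked.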


Advisories

No advisories yet.

History

Thu, 14 May 2026 14:45:00 +0000

Values added:
  First Time appeared: Fabrikar com Fabrikar
  Vendors & Products: Fabrikar com Fabrikar

Wed, 13 May 2026 19:30:00 +0000

Values added:
  Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 May 2026 15:15:00 +0000

Values added:
  Description: Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files in system directories outside the intended web root.
  Title: Joomla com_fabrik 3.9.11 Directory Traversal via image.php
  First Time appeared: Fabrikar; Fabrikar fabrik
  Weaknesses: CWE-22
  CPEs: cpe:2.3:a:fabrikar:fabrik:3.9.11:*:*:*:*:*:*:*
  Vendors & Products: Fabrikar; Fabrikar fabrik
  References: (no entries recorded)
  Metrics: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
  Metrics: cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-13T18:31:57.397Z

Reserved: 2026-05-13T13:47:51.522Z

Link: CVE-2020-37219

Vulnrichment

Updated: 2026-05-13T18:31:36.143Z

NVD

Status: Deferred

Published: 2026-05-13T16:16:33.290

Modified: 2026-05-13T17:07:21.030

Link: CVE-2020-37219

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-14T14:30:15Z

Weaknesses