An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit this vulnerability with the "Send me a copy" option to receive any files of the filesystem via email.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-03-04T15:58:23
Updated: 2024-08-04T10:26:16.083Z
Reserved: 2020-02-24T00:00:00
Link: CVE-2020-9364
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-03-04T16:15:12.080
Modified: 2022-10-06T23:56:40.013
Link: CVE-2020-9364
Redhat
No data.