What is the severity of CVE-2018-7482?

The severity of CVE-2018-7482 is classified as critical due to its potential for unauthorized file access.

How do I fix CVE-2018-7482?

To fix CVE-2018-7482, upgrade K2 to a version that addresses this vulnerability and ensure that directory traversal protections are implemented.

What vulnerabilities are associated with CVE-2018-7482?

CVE-2018-7482 is associated with incorrect access control that allows directory traversal attacks.

What versions of K2 are affected by CVE-2018-7482?

CVE-2018-7482 affects K2 version 2.8.0 for Joomla!.

How can attackers exploit CVE-2018-7482?

Attackers can exploit CVE-2018-7482 by crafting requests that manipulate file paths to download sensitive files.

Vulnerability/
CVE-2018-7482

high

7.5

CWE

28/2/2018

14/11/2024

CVE-2018-7482: Path Traversal

First published: Wed Feb 28 2018(Updated: )

** DISPUTED ** The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Joomlaworks K2	=2.8.0
	=2.8.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-7482?
The severity of CVE-2018-7482 is classified as critical due to its potential for unauthorized file access.
How do I fix CVE-2018-7482?
To fix CVE-2018-7482, upgrade K2 to a version that addresses this vulnerability and ensure that directory traversal protections are implemented.
What vulnerabilities are associated with CVE-2018-7482?
CVE-2018-7482 is associated with incorrect access control that allows directory traversal attacks.
What versions of K2 are affected by CVE-2018-7482?
CVE-2018-7482 affects K2 version 2.8.0 for Joomla!.
How can attackers exploit CVE-2018-7482?
Attackers can exploit CVE-2018-7482 by crafting requests that manipulate file paths to download sensitive files.

collector/nvd-index
agent/references
agent/type
agent/severity
agent/weakness
agent/author
agent/status
agent/softwarecombine
agent/description
agent/tags
agent/first-publish-date
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
status/disputed
vendor/joomlaworks
canonical/joomlaworks k2
version/joomlaworks k2/2.8.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.