First published: Tue Nov 24 2020
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
Credit: security@joomla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Joomla Joomla! | >=2.5.0 <=3.9.22 | |
CVE-2020-35612 is a path traversal vulnerability in Joomla versions 2.5.0 through 3.9.22, caused by missing input validation of the folder parameter of mod_random_image.
CVE-2020-35612 has a severity rating of 7.5 (High).
CVE-2020-35612 affects Joomla versions 2.5.0 through 3.9.22.
CVE-2020-35612 has two CWEs associated with it: CWE-20 (Improper Input Validation) and CWE-22 (Path Traversal).
To fix the CVE-2020-35612 vulnerability, it is recommended to update Joomla to version 3.9.23 or later, which includes a fix for this vulnerability.