Vulnerability Description
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joomla | Joomla\! | < 3.8.8 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104272Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040966Third Party AdvisoryVDB Entry
- https://developer.joomla.org/security-centre/730-20180502-core-add-phar-files-toVendor Advisory
- http://www.securityfocus.com/bid/104272Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040966Third Party AdvisoryVDB Entry
- https://developer.joomla.org/security-centre/730-20180502-core-add-phar-files-toVendor Advisory
FAQ
What is CVE-2018-11322?
CVE-2018-11322 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
How severe is CVE-2018-11322?
CVE-2018-11322 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11322?
Check the references section above for vendor advisories and patch information. Affected products include: Joomla Joomla\!.