Vulnerability Description
An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joomla | Joomla\! | < 3.8.12 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105166Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041913Third Party Advisory
- https://developer.joomla.org/security-centre/743-20180801-core-hardening-the-inpVendor Advisory
- http://www.securityfocus.com/bid/105166Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041913Third Party Advisory
- https://developer.joomla.org/security-centre/743-20180801-core-hardening-the-inpVendor Advisory
FAQ
What is CVE-2018-15882?
CVE-2018-15882 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.
How severe is CVE-2018-15882?
CVE-2018-15882 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-15882?
Check the references section above for vendor advisories and patch information. Affected products include: Joomla Joomla\!.