Vulnerability Description
Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files in system directories outside the intended web root.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://fabrikar.com/
- https://fabrikar.com/downloads
- https://www.exploit-db.com/exploits/48263
- https://www.vulncheck.com/advisories/joomla-com-fabrik-directory-traversal-via-i
FAQ
What is CVE-2020-37219?
CVE-2020-37219 is a vulnerability with a CVSS score of 7.5 (HIGH). Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET request...
How severe is CVE-2020-37219?
CVE-2020-37219 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-37219?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.