CVE-2020-9364

2020-03-04T16:15:00
ID CVE-2020-9364
Type cve
Reporter cve@mitre.org
Modified 2020-03-09T19:15:00

Description

An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit this vulnerability with the "Send me a copy" option to receive any files of the filesystem via email.