Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2016-9836
HistoryDec 05, 2016 - 5:00 p.m.

CVE-2016-9836

2016-12-0517:00:00
mitre
www.cve.org
8

AI Score

9.6

Confidence

High

EPSS

0.018

Percentile

88.2%

JSON

The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the .php6, .php7, .phtml, and .phpt extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types.

Related

prion 1
nvd 1
joomla 1
cve 1
openvas 1
nessus 12
freebsd 1
prion
prion
Code injection
2016-12-05 17:59:00
nvd
nvd
CVE-2016-9836
2016-12-05 17:59:00
joomla
joomla
[20161202] - Core - Shell Upload
2016-10-26 00:00:00
cve
cve
CVE-2016-9836
2016-12-05 17:59:00
openvas
openvas
Joomla Alternative PHP File Extensions File Upload and Information Disclosure Vulnerabilities
2016-12-07 00:00:00
nessus
nessus
Joomla! < 3.6.5 Multiple Vulnerabilities
2016-12-16 00:00:00
Joomla! 3.2.x < 3.6.5 Multiple Vulnerabilities
2018-11-05 00:00:00
Joomla! 3.4.x < 3.6.5 Multiple Vulnerabilities
2018-11-05 00:00:00
freebsd
freebsd
Joomla! -- multiple vulnerabilities
2016-12-06 00:00:00

AI Score

9.6

Confidence

High

EPSS

0.018

Percentile

88.2%

JSON
Related for CVELIST:CVE-2016-9836
prion1nvd1joomla1cve1openvas1nessus12freebsd1