Joomla! ChronoForums 2.0.11 - Local File Inclusion

Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials. id: CVE-2021-28377 info: name: Joomla!...

CVE-2021-28377

ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files...

CVE-2021-28377

ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files...

CVE-2021-28377

ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files...

Directory traversal

ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files...

CVE-2021-28377

ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files...

CVE-2021-28377

CVE-2021-28377 : ChronoForums 2.0.11 is vulnerable to local file inclusion via path traversal in the avatar function, enabling an attacker to read arbitrary files (e.g., configuration files containing credentials). Affected product: ChronoForums/Joomla extension. Root cause: unauthenticated path ...