3 matches found
CVE-2025-22213 [20250301] - Core - Malicious file uploads via Media Manager
Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions...
CVE-2025-22213 [20250301] - Core - Malicious file uploads via Media Manager
Inadequate checks in the Media Manager allowed users with "edit" privileges to change file extension to arbitrary extension, including .php and other potentially executable extensions...
CVE-2025-22213
CVE-2025-22213 affects Joomla! media management. Inadequate checks in Media Manager let users with edit privileges change a file’s extension to arbitrary ones (including .php), enabling potential remote code execution. Affected versions include Joomla! 4.x prior to 4.4.12 and 5.x prior to 5.2.5. ...