The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request.
References
Link | Resource |
---|---|
https://cxsecurity.com/issue/WLB-2018030054 | Exploit Third Party Advisory |
https://vel.joomla.org/vel-blog/2020-joomanager-2-0-0-other | Mitigation Vendor Advisory |
https://www.exploit-db.com/exploits/44252 | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-08-26T21:00:00
Updated: 2018-08-26T21:57:01
Reserved: 2018-08-26T00:00:00
Link: CVE-2017-18345
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-08-26T21:29:00.233
Modified: 2018-11-06T13:20:30.580
Link: CVE-2017-18345
JSON object: View
Redhat Information
No data.
CWE