|CERT-In Vulnerability Note
Information Disclosure Vulnerability in Joomla
Original Issue Date:November 26, 2019
Severity Rating: MEDIUM
- Joomla CMS versions 3.6.0 through 3.9.12
A vulnerability has been reported in Joomla which could be exploited by a remote attacker to obtain potentially sensitive information on a targeted system.
This vulnerability exists in phputf8 mapping files of Joomla due to improper access checks. A remote attacker could gain information about file system structure of the server where the website is hosted.
Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information of the target system which could lead to further attacks.
- Upgrade to Joomla CMS version 3.9.13
The information provided herein is on "as is" basis, without warranty of any kind.
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003