mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-10 03:37:37 +02:00
0xMarcio
917 B
917 B
CVE-2020-9364
Description
An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit this vulnerability with the "Send me a copy" option to receive any files of the filesystem via email.