CVE-2021-26028

MEDIUM5.5EPSS 0.01%

Path Traversal within joomla/archive zip class

Published: 3/24/2021Modified: 4/3/2025

Also known as:GHSA-vgwr-773q-7j3cBIT-joomla-2021-26028

Description

An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N