CVE-2021-23132: Joomla Code Execution Vulnerability Alert

Joomla is a free and open-source content management system for publishing web content on websites. Web content applications include discussion forums, photo galleries, e-commerce, user communities, and numerous other web-based applications.

On March 6, 2021, Joomla officially released a security notice disclosing a remote code execution vulnerability in Joomla components, tracked as CVE-2021-23132. Because the com_media module can upload files, an attacker can use this vulnerability to gain permission to execute code remotely.
The PoC is available on GitHub.

Vulnerability Detail

  • Impact: Moderate
  • Severity: Low

com_media allowed paths that are not intended for image uploads.

Affected version

  • Joomla! CMS versions 3.0.0 – 3.9.24

Unaffected version

  • Joomla! CMS version 3.9.25
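
The following audit sketch is an added example, not code from Joomla or from the original alert. It checks a site's version against the affected range listed above and flags com_media path settings that resolve outside the image directory. It assumes the component's parameters are available as a JSON string with `file_path` and `image_path` keys, and that `images` is the only directory uploads should reach; the function names and sample values are constructed for illustration.

```python
import json
import posixpath
import re

AFFECTED_MIN = (3, 0, 0)   # from the advisory: 3.0.0 to 3.9.24 are affected
AFFECTED_MAX = (3, 9, 24)
ALLOWED_ROOT = "images"    # assumption: policy chosen for this example

def parse_version(text):
    """'3.9.24' -> (3, 9, 24); missing parts count as 0, suffixes are ignored."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError("not a version string: %r" % text)
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version):
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX

def path_outside_root(configured, root=ALLOWED_ROOT):
    """True if a site-relative path leaves `root` once it is normalised."""
    p = configured.replace("\\", "/").strip()
    if p.startswith("/") or (len(p) > 1 and p[1] == ":"):
        return True  # absolute paths are never inside the site-relative root
    norm = posixpath.normpath(p)  # collapses './' and '../' segments
    return not (norm == root or norm.startswith(root + "/"))

def audit(version, params_json):
    """Return a list of findings for one site; an empty list means clean."""
    params = json.loads(params_json)
    findings = []
    if is_affected(version):
        findings.append("version %s is affected; upgrade to 3.9.25" % version)
    for key in ("file_path", "image_path"):  # assumed com_media parameter names
        value = params.get(key, ALLOWED_ROOT)
        if path_outside_root(value):
            findings.append("%s=%r resolves outside %s/" % (key, value, ALLOWED_ROOT))
    return findings

# Constructed sample input, not taken from a real site.
SAMPLE_PARAMS = '{"file_path": "images/../other-dir", "image_path": "images"}'

if __name__ == "__main__":
    for line in audit("3.9.24", SAMPLE_PARAMS):
        print("FINDING:", line)
```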