CVE-2020-37219
Description
Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files in system directories outside the intended web root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Joomla com_fabrik 3.9.11 directory traversal allows unauthenticated attackers to list arbitrary files via the folder parameter in the onAjax_files method.
Vulnerability
Overview
CVE-2020-37219 is a directory traversal vulnerability in the Joomla component com_fabrik version 3.9.11. The flaw resides in the onAjax_files method, which fails to properly sanitize the folder parameter, allowing path traversal sequences such as ../ to escape the intended web root directory [1][4]. This improper limitation of a pathname to a restricted directory (CWE-22) enables an attacker to list files in arbitrary directories on the server.
Exploitation
The vulnerability can be exploited by sending a crafted GET request to the onAjax_files endpoint with a manipulated folder parameter containing traversal sequences. No authentication is required, making the attack surface broad for any publicly accessible Joomla site running the vulnerable component [1]. The exploit is publicly available, lowering the barrier for attackers.
Impact
An unauthenticated attacker can enumerate files and directories outside the web root, potentially revealing sensitive information such as configuration files, database credentials, or other system details [4]. While the vulnerability only allows listing (not reading) files, the disclosed information can aid in further attacks.
Mitigation
Users should upgrade com_fabrik to a version later than 3.9.11, as the vulnerability affects versions up to and including that release [4]. The vendor has since released newer versions (e.g., v4.6.4) that address this issue [2]. As the CVE is from 2020 and an exploit exists, immediate patching is recommended.
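The CWE-22 pattern described in the Overview, and the shape of the fix the Mitigation section points to, can be shown with a small containment check. The following is an added example written for this page; it is not com_fabrik's code, and the only name taken from the page is the onAjax_files handler it stands in for. It assumes a handler that receives a folder parameter, percent-decodes it, canonicalizes it against the web root, and refuses anything that resolves outside that root. The directory layout used for the demonstration is constructed in a temporary directory.

```python
import os
import tempfile
import urllib.parse


def _decode_fully(value: str, rounds: int = 3) -> str:
    """Undo percent-encoding repeatedly, so that %2e%2e and %252e%252e
    are both seen as '..' before any path check runs."""
    for _ in range(rounds):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_folder(web_root: str, folder_param: str) -> str:
    """Return the canonical path for a user-supplied folder, or raise ValueError.

    The decision is made on canonical paths (symlinks and '..' resolved), which
    is the CWE-22 mitigation: compare what the OS would actually open against
    the allowed base instead of pattern-matching '../' in the raw string.
    """
    decoded = _decode_fully(folder_param)
    if "\x00" in decoded:
        raise ValueError("null byte in folder parameter")
    if os.path.isabs(decoded):
        raise ValueError("absolute paths are not accepted")
    base = os.path.realpath(web_root)
    candidate = os.path.realpath(os.path.join(base, decoded))
    # commonpath is a path-component comparison, so /var/www2 is not
    # mistaken for a child of /var/www the way a plain startswith() would.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("folder escapes the web root")
    return candidate


def is_inside_web_root(web_root: str, folder_param: str) -> bool:
    """Boolean form of resolve_folder, convenient for logging or tests."""
    try:
        resolve_folder(web_root, folder_param)
        return True
    except ValueError:
        return False


def list_folder(web_root: str, folder_param: str) -> list[str]:
    """Directory listing confined to the web root; what a hardened
    onAjax_files-style handler should do before calling listdir."""
    return sorted(os.listdir(resolve_folder(web_root, folder_param)))


def build_demo_root() -> str:
    """Constructed layout (hypothetical, for the demonstration only):
    <tmp>/webroot/images/logo.png inside the root and
    <tmp>/secret/configuration.php as a sibling outside it."""
    tmp = tempfile.mkdtemp()
    os.makedirs(os.path.join(tmp, "webroot", "images"))
    os.makedirs(os.path.join(tmp, "secret"))
    open(os.path.join(tmp, "webroot", "images", "logo.png"), "w").close()
    open(os.path.join(tmp, "secret", "configuration.php"), "w").close()
    return os.path.join(tmp, "webroot")


if __name__ == "__main__":
    root = build_demo_root()
    print(list_folder(root, "images"))            # ['logo.png']
    for param in ("../secret", "%2e%2e/secret", "images/../../secret"):
        print(param, "inside root:", is_inside_web_root(root, param))  # False
```

The point of checking after realpath rather than rejecting the literal string `../` is that encoded, doubled, or symlink-based variants all collapse to the same canonical path, so a single comparison against the base covers them; the same check is also a useful place to emit a log line for requests that fail it.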
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0 (No patches discovered yet.)
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 4
News mentions: 0 (No linked articles in our index yet.)