Unrated severityNVD Advisory· Published Mar 4, 2020· Updated Aug 4, 2024

CVE-2020-9364

Description

An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit this vulnerability with the "Send me a copy" option to receive any files of the filesystem via email.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Joomla!/Creative Contact Formdescription
Creative Solutions/Creative Contact Formllm-fuzzy
Range: <=4.6.2

Patches

Vulnerability mechanics

References

packetstormsecurity.com/files/156655/Creative-Contact-Form-4.6.2-Directory-Traversal.htmlmitrex_refsource_MISC
seclists.org/fulldisclosure/2020/Mar/13mitremailing-listx_refsource_FULLDISC
extensions.joomla.org/extension/creative-contact-form/mitrex_refsource_MISC
www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20200301-01/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000