CVE-2022-23793

State: PUBLISHED · Published: 2022-03-30 · Updated: 2026-02-25 · Assigner: Joomla

Description

An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path.

CWE

(none)

Affected

Joomla! Project / Joomla! CMS — v=3.0.0-3.10.6 & 4.0.0-4.1.0 [affected]
Joomla! Project / joomla/archive — v=1.0.0-1.1.11 & 2.0.0 [affected]

CVSS

(none)

References

https://developer.joomla.org/security-centre/870-20220301-core-zip-slip-within-the-tar-extractor.html x_refsource_MISC, vendor-advisory
http://packetstormsecurity.com/files/166546/Joomla-4.1.0-Zip-Slip-File-Overwrite-Path-Traversal.html x_refsource_MISC

Source

cvelistV5-main/cves/2022/23xxx/CVE-2022-23793.json