CyberSec.Space Logo
Back to CVE Browser

CVE-2020-9364

MEDIUM
5.3
CVSS Severity Score
EPSS Score0.0080%
EPSS Percentile17.41th
PublishedMar 4, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit this vulnerability with the "Send me a copy" option to receive any files of the filesystem via email.

Affected Platforms (CPE)

πŸ“¦
Creative Solutions

Creative Contact Form

= 4.6.2

References & Advisories

πŸ”— http://packetstormsecurity.com/files/156655/Creative-Contact-Form-4.6.2-Directory-Traversal.html
πŸ”— http://seclists.org/fulldisclosure/2020/Mar/13
πŸ”— https://extensions.joomla.org/extension/creative-contact-form/
πŸ”— https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20200301-01/
πŸ”— http://packetstormsecurity.com/files/156655/Creative-Contact-Form-4.6.2-Directory-Traversal.html
πŸ”— http://seclists.org/fulldisclosure/2020/Mar/13
πŸ”— https://extensions.joomla.org/extension/creative-contact-form/
πŸ”— https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20200301-01/

Related Vulnerabilities

CVE-2014-87399.8

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...