Main Vulnerability Database Vulnerabilities #VU52172

#VU52172 PHP file inclusion in Joomla! - CVE-2021-26031

Published: April 13, 2021

Vulnerability identifier: #VU52172

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-26031

CWE-ID: CWE-98

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Joomla!

Software vendor:
Joomla!

Description

The vulnerability allows a remote user to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files on module layout settings. A remote user can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.

Remediation

Install updates from vendor's website.

External links

https://developer.joomla.org/security-centre/851-20210402-core-inadequate-filters-on-module-layout-settings.html

#VU52172 PHP file inclusion in Joomla! - CVE-2021-26031

Description

Remediation

External links

Please verify you're human