Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.17057 Percentile:
0.94683
CVSS Scoring
CVSS v3.1 Score: 5.8
Severity: MEDIUM
Mapped CWE(s)
CWE-22
: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
All CAPEC(s)
CAPEC-126: Path Traversal
CAPEC-64: Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-76: Manipulating Web Input to File System Calls
CAPEC-78: Using Escaped Slashes in Alternate Encoding