An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit this vulnerability with the "Send me a copy" option to receive any files of the filesystem via email.
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
| Link | Tags |
|---|---|
| https://extensions.joomla.org/extension/creative-contact-form/ | third party advisory |
| https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20200301-01/ | third party advisory exploit |
| http://seclists.org/fulldisclosure/2020/Mar/13 | mailing list exploit third party advisory |
| http://packetstormsecurity.com/files/156655/Creative-Contact-Form-4.6.2-Directory-Traversal.html | exploit vdb entry third party advisory |