Joomla com_fabrik Directory Traversal Vulnerability

Vulnerability

A directory traversal vulnerability has been identified in the Joomla com_fabrik component, specifically in version 3.9.11. This vulnerability allows unauthenticated attackers to list arbitrary files by manipulating the 'folder' parameter. Exploitation involves sending GET requests to the 'onAjax_files' method with path traversal sequences, enabling attackers to enumerate files in system directories outside the intended web root.

Impact

Exploitation of this vulnerability could lead to unauthorized file enumeration, allowing attackers to access sensitive information or files stored in system directories.

Reproduction

To reproduce this vulnerability, send a GET request to 'index.php' with the 'option=com_fabrik', 'task=plugin.pluginAjax', 'plugin=image', 'g=element', and 'method=onAjax_files' parameters. Include a crafted 'folder' parameter that uses directory traversal sequences to navigate outside the web root, such as targeting the '/tmp/' directory or user-specific directories.
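A log-based detection for the request pattern described above, added here as an example rather than taken from the original advisory. It scans combined-format web server access logs for com_fabrik 'onAjax_files' requests whose 'folder' parameter contains traversal sequences (including double-encoded ones); the log lines are constructed, and only the parameter names given above are assumed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [13/May/2026:18:56:01 +0000] "GET /index.php?option=com_fabrik&task=plugin.pluginAjax&plugin=image&g=element&method=onAjax_files&folder=..%2F..%2F..%2Ftmp%2F HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.5 - - [13/May/2026:18:56:02 +0000] "GET /index.php?option=com_fabrik&task=plugin.pluginAjax&plugin=image&g=element&method=onAjax_files&folder=images%2Fstories HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [13/May/2026:18:57:10 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, HTTP method and request target from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)


def is_traversal(value: str) -> bool:
    """True if the folder value escapes its base directory after decoding."""
    # Decode twice so double-encoded sequences such as %252e%252e are caught.
    decoded = unquote(unquote(value))
    normalized = decoded.replace("\\", "/")
    if normalized.startswith("/"):          # absolute path
        return True
    return any(seg == ".." for seg in normalized.split("/"))


def flag_fabrik_traversal(log_text: str) -> list:
    """Return one record per com_fabrik onAjax_files request with a traversing 'folder'."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if not parts.path.endswith("index.php"):
            continue
        qs = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes once
        first = lambda k: qs.get(k, [""])[0]
        if first("option") != "com_fabrik" or first("method") != "onAjax_files":
            continue
        folder = first("folder")
        if is_traversal(folder):
            hits.append({"ip": m["ip"], "ts": m["ts"], "folder": folder})
    return hits
```

Running `flag_fabrik_traversal(SAMPLE_LOG)` flags only the first line; the second is a benign request to a sub-folder and the third is unrelated to com_fabrik.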

Remediation

Users are advised to update to the latest version of the com_fabrik component, as this vulnerability has been patched in version 3.9.12.

Added: May 13, 2026, 6:56 PM
Updated: May 13, 2026, 6:56 PM

Vulnerability Rating

Custom Algorithm

spread          1.0
impact          0.6
exploitability  9.7
remediation     0.0
relevance       8.2
threat          6.4
urgency         2.9
incentive       8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.