Primary

Context

Joomla! CMS Path Traversal Vulnerability in com_media Webservice Endpoint

Vulnerability

Patched

A path traversal vulnerability has been identified in the Joomla! CMS within the com_media files API endpoint. This issue arises from improper validation of the search parameter, allowing attackers to manipulate file paths and potentially access unauthorized files. The vulnerability affects Joomla! CMS versions 4.0.0 through 5.4.5 and 6.0.0 through 6.1.0.

Impact

Exploitation of this vulnerability allows for path traversal, enabling attackers to access files outside the intended directory.

Remediation

Users can upgrade to Joomla! CMS versions 5.4.6 or 6.1.1 to address this vulnerability.

Added: May 26, 2026, 11:15 PM

Updated: May 26, 2026, 11:15 PM

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

0.6

exploitability

7.6

remediation

7.7

relevance

9.6

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

0.6

exploitability

7.6

remediation

7.7

relevance

9.6

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Joomla! CMS Path Traversal Vulnerability in com_media Webservice Endpoint

Vulnerability

Impact

Remediation

Affected Products

Joomla

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating