CVE-2020-37219 PUBLISHED

Joomla com_fabrik 3.9.11 Directory Traversal via image.php

Assigner: VulnCheck
Reserved: 13.05.2026 Published: 13.05.2026 Updated: 13.05.2026

Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files in system directories outside the intended web root.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 8.7

Product Status

Vendor Fabrikar
Product com_fabrik
Versions
  • Version 3.9.11 is affected

Credits

  • qw3rTyTy finder

References

Problem Types

  • Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE