CVE-2015-8564

Joomla! 3.4.x - Directory Traversal via XML Install File in Extension Package

Title source: llm

Description

Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html

Scores

EPSS 0.0006

EPSS Percentile 19.8%

Details

CWE

CWE-20 CWE-22

Status published

Products (5)

joomla/joomla\! 3.4.0

joomla/joomla\! 3.4.1

joomla/joomla\! 3.4.3

joomla/joomla\! 3.4.4

joomla/joomla\! 3.4.5

Published Dec 16, 2015

Tracked Since Feb 18, 2026