CVE-2016-9836

CRITICAL

Joomla! < 3.6.4 - Improper Access Control

Title source: rule

Description

The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types.

Exploits (1)

References (2)

Scores

CVSS v3 9.8
EPSS 0.0037
EPSS Percentile 59.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (1)
joomla/joomla\! < 3.6.4
Published Dec 05, 2016
Tracked Since Feb 18, 2026