CVE-2020-37219
HIGH
Joomla com_fabrik 3.9.11 Directory Traversal via image.php
Title source: cna
Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-37219. PoCs published by qw3rTyTy.
AI-analyzed exploit summary: This exploit demonstrates a directory traversal vulnerability in Joomla! com_fabrik 3.9.11, allowing unauthorized access to files outside the intended directory via crafted HTTP requests. The PoC includes functional curl commands that successfully retrieve file listings from arbitrary directories.
Description
Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files in system directories outside the intended web root.
Exploits (1)
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N