CVE-2021-23132

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-23132. PoCs published by HoangKien1020, securitystuffbackup.

AI-analyzed exploit summary The repository contains a functional Python exploit for CVE-2021-23132, which leverages a path traversal vulnerability in Joomla's com_media component to achieve remote code execution (RCE). The exploit requires admin credentials and demonstrates the ability to create a superadmin account and execute arbitrary commands.

Description

An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads

Exploits (2)

nomisec WORKING POC 71 stars

by HoangKien1020 · poc

https://github.com/HoangKien1020/CVE-2021-23132

View Code ZIP pw:eip

The repository contains a functional Python exploit for CVE-2021-23132, which leverages a path traversal vulnerability in Joomla's com_media component to achieve remote code execution (RCE). The exploit requires admin credentials and demonstrates the ability to create a superadmin account and execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Joomla core <=3.9.24

Auth required

Prerequisites: Admin account credentials · Access to the Joomla administration interface

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

gitlab WORKING POC

by securitystuffbackup · poc

https://gitlab.com/securitystuffbackup/CVE-2021-23132

View Code ZIP pw:eip

The repository contains a functional Python exploit for CVE-2021-23132, which leverages a path traversal vulnerability in Joomla's com_media component to achieve remote code execution (RCE). The exploit requires admin credentials and demonstrates the ability to create a superadmin account and execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Joomla core <=3.9.24

Auth required

Prerequisites: Admin account (not Superadmin) · Python3 · lxml library

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc vendor-advisory

https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html

Joomla! 3.0.0-3.9.24 - Unauthenticated Arbitrary File Upload via com_media

Exploitation Summary

Description

Exploits (2)

References (1)

Scores

Details