CVE-2019-25760
MediumCVSS 6.2Exploitation Probability (EPSS)
Low risk34th percentile — higher than 34% of all known CVEs
Summary
The Joomla! Component Easy Shop version 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the appropriate parameters to access sensitive files.
Risk Assessment
This vulnerability may lead to the disclosure of sensitive information, such as configuration and system files, posing a serious threat to the security of the application and the organization's data.
Recommendation
It is recommended to update the Easy Shop component to the latest version and implement appropriate security measures to minimize the risk of local file inclusion.
Original NVD description (English source)
Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the option parameter set to com_easyshop, task set to ajax.loadImage, and a base64-encoded file path in the file parameter to retrieve sensitive files like configuration.php and system files.

