CVE Catalog

CVE-2019-25760

MediumCVSS 6.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.43%

34th percentile — higher than 34% of all known CVEs

Summary

The Joomla! Component Easy Shop version 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the appropriate parameters to access sensitive files.

Risk Assessment

This vulnerability may lead to the disclosure of sensitive information, such as configuration and system files, posing a serious threat to the security of the application and the organization's data.

Recommendation

It is recommended to update the Easy Shop component to the latest version and implement appropriate security measures to minimize the risk of local file inclusion.

Original NVD description (English source)

Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the option parameter set to com_easyshop, task set to ajax.loadImage, and a base64-encoded file path in the file parameter to retrieve sensitive files like configuration.php and system files.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS