{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/com_fabrik-3.9.11/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2020-37219"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["com_fabrik 3.9.11"],"_cs_severities":["medium"],"_cs_tags":["directory-traversal","web-application","joomla"],"_cs_type":"advisory","_cs_vendors":["Joomla"],"content_html":"\u003cp\u003eJoomla com_fabrik version 3.9.11 is susceptible to a directory traversal vulnerability (CVE-2020-37219) that allows unauthenticated attackers to enumerate files on the system. This vulnerability exists within the onAjax_files method, where the folder parameter is not properly validated. By crafting a GET request with path traversal sequences in the folder parameter, an attacker can bypass intended restrictions and list files and directories outside the web root. This can lead to information disclosure and potentially further exploitation of the system.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a Joomla com_fabrik installation running version 3.9.11.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a GET request targeting the \u003ccode\u003e/index.php\u003c/code\u003e endpoint with the \u003ccode\u003eoption=com_fabrik\u003c/code\u003e and \u003ccode\u003etask=plugin.pluginAjax\u003c/code\u003e parameters.\u003c/li\u003e\n\u003cli\u003eThe request includes \u003ccode\u003eplugin=fileupload\u003c/code\u003e and \u003ccode\u003emethod=onAjax_files\u003c/code\u003e to target the vulnerable method.\u003c/li\u003e\n\u003cli\u003eThe attacker injects path traversal sequences (e.g., \u003ccode\u003e../../../../\u003c/code\u003e) within the \u003ccode\u003efolder\u003c/code\u003e parameter of the GET request.\u003c/li\u003e\n\u003cli\u003eThe server-side application (com_fabrik) processes the request without proper sanitization of the \u003ccode\u003efolder\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe application interprets the path traversal sequences, allowing access to directories outside the intended web root.\u003c/li\u003e\n\u003cli\u003eThe attacker receives a response containing a list of files and directories within the traversed path.\u003c/li\u003e\n\u003cli\u003eThe attacker can repeat this process to map out the file system and identify sensitive files.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows unauthenticated attackers to list arbitrary files on the affected system. This information disclosure can lead to the exposure of sensitive configuration files, database credentials, or other confidential data. The CVSS v3.1 score of 7.5 indicates a high severity due to the potential for unauthorized access to sensitive information.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade com_fabrik to a version that addresses CVE-2020-37219.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003efolder\u003c/code\u003e parameter within the \u003ccode\u003eonAjax_files\u003c/code\u003e method to prevent path traversal attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Joomla com_fabrik Directory Traversal Attempt\u003c/code\u003e to identify potential exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server access logs for suspicious GET requests to \u003ccode\u003eindex.php\u003c/code\u003e with the \u003ccode\u003ecom_fabrik\u003c/code\u003e, \u003ccode\u003eplugin=fileupload\u003c/code\u003e, and \u003ccode\u003emethod=onAjax_files\u003c/code\u003e parameters, particularly those containing path traversal sequences in the \u003ccode\u003efolder\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eImplement web application firewall (WAF) rules to block requests containing path traversal sequences targeting the \u003ccode\u003eonAjax_files\u003c/code\u003e method.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:18:41Z","date_published":"2026-05-13T16:18:41Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2020-37219-joomla-fabrik-traversal/","summary":"Joomla com_fabrik 3.9.11 is vulnerable to a directory traversal attack (CVE-2020-37219) where an unauthenticated attacker can list arbitrary files by manipulating the folder parameter in a GET request to the onAjax_files method, using path traversal sequences to access system directories outside the web root.","title":"Joomla com_fabrik Directory Traversal Vulnerability (CVE-2020-37219)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2020-37219-joomla-fabrik-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Com_fabrik 3.9.11","version":"https://jsonfeed.org/version/1.1"}