QwikSec

Security Database

CVE

CWE

Training

CVE-2018-12712

Published: Jun 26, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

https://developer.joomla.org/security-centre/741-20180601-core-local-file-inclusion-with-php-5-3

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.