Description
The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
Affected Installs
Joomla! CMS versions 2.5.0 - 3.9.22
Solution
Upgrade to version 3.9.23
Contact
The JSST at the Joomla! Security Centre.
Reported By: Lee Thao from Viettel Cyber Security, Phil Taylor