Codextrous: >> B2j Contact >> 2.1.12 Security Vulnerabilities
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This makes it easier to read arbitrary uploaded files.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-05-17
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename attack that bypasses a "safe file extension" protection mechanism, leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-05-17
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files.
CVSS Score
7.5
EPSS Score
0.021
Published
2017-05-17