CVE-2026-21625 | THREATINT

Description

User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening.

PUBLISHED Reserved 2026-01-01 | Published 2026-01-16 | Updated 2026-01-16 | Assigner Joomla

MEDIUM: 4.8CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status

unaffected

1.0.0-5.0.15

affected

Credits

simoni finder

Swiss Paraplegic Research sponsor

References

stackideas.com/easydiscuss product

cve.org (CVE-2026-21625)

nvd.nist.gov (CVE-2026-21625)

Download JSON