CVE-2025-22213 Information

Description

Inadequate checks in the Media Manager allowed users with dit\ privileges to change file extension to arbitrary extension including .php and other potentially executable extensions.

Reference

https://developer.joomla.org/security-centre/961-20250301-core-malicious-file-uploads-via-media-managere-malicious-file-uploads-via-media-manager.html