Joomla Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2019-10945
An issue was discovered in Joomla before 3.9.5. The Media Manager component does not properly sanitize the folder parameter allowing attackers to act outside the media manager root directory.