An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.
{ "versions": [ { "introduced": "0" }, { "fixed": "3.8.12" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15882.json"