Описание
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
Ссылки
- Broken LinkThird Party Advisory
- Broken LinkVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Broken LinkExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Broken LinkThird Party Advisory
- Broken LinkVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Broken LinkExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:chillcreations:com_ccnewsletter:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.02939
Низкий
5.8 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 5.8
github
почти 4 года назад
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
EPSS
Процентиль: 86%
0.02939
Низкий
5.8 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22