CVE-2010-1980

Опубликовано: 19 мая 2010

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

Ссылки

http://bitbucket.org/roberto.aloi/joomla-flickr/changeset/64ebf6b25030
Patch
http://packetstormsecurity.org/1004-exploits/joomlaflickr-lfi.txt
Exploit
http://secunia.com/advisories/39358
Vendor Advisory
http://www.exploit-db.com/exploits/12085
Exploit
http://www.securityfocus.com/bid/39251
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/57573
http://bitbucket.org/roberto.aloi/joomla-flickr/changeset/64ebf6b25030
Patch
http://packetstormsecurity.org/1004-exploits/joomlaflickr-lfi.txt
Exploit
http://secunia.com/advisories/39358
Vendor Advisory
http://www.exploit-db.com/exploits/12085
Exploit
http://www.securityfocus.com/bid/39251
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/57573

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:roberto_aloi:com_joomlaflickr:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06951

Низкий

7.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-gqj3-w7c6-64hm

github

больше 3 лет назад