Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-4270

Опубликовано: 17 нояб. 2010
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:netshinesoftware:com_netinvoice:*:*:*:*:*:*:*:*
Версия до 1.2_10 (включая)
cpe:2.3:a:netshinesoftware:com_netinvoice:*:*:std:*:*:*:*:*
Версия до 2.0.9 (включая)
cpe:2.3:a:netshinesoftware:com_netinvoice:*:*:lite:*:*:*:*:*
Версия до 2.0.10 (включая)
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

EPSS

Процентиль: 77%
0.01011
Низкий

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

github логотип

GHSA-48cp-9vmv-3948

github
больше 3 лет назад

Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.

EPSS

Процентиль: 77%
0.01011
Низкий

5 Medium

CVSS2

Дефекты

CWE-22