CVE-2010-5280
CVE-2010-5280
Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature.
Productos afectados
n/a · n/aPoCs públicas encontradas — 3
cve_referencepacketstormsecurity.org/1010-exploits/joomlacbe-lfi.txtno verificadocve_referencewww.exploit-db.com/exploits/15222no verificadoexploitdbwww.exploit-db.com/exploits/15222no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://packetstormsecurity.org/1010-exploits/joomlacbe-lfi.txthttp://secunia.com/advisories/41741https://exchange.xforce.ibmcloud.com/vulnerabilities/62375https://exchange.xforce.ibmcloud.com/vulnerabilities/62376http://www.exploit-db.com/exploits/15222http://www.securityfocus.com/archive/1/514183/100/0/threadedhttp://www.securityfocus.com/bid/43873