CVE-2009-1496
published 2009-05-01
CVE-2009-1496: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories…
Priority P337 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS
7.18%
93.5th percentile
Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ijobid | com_cmimarketplace | — | — |
No detection rules found.
Exploit-DB
Joomla! Component Cmimarketplace - 'viewit' Directory Traversal
exploitdb·2009-04-08
CVE-2009-1496 Joomla! Component Cmimarketplace - 'viewit' Directory Traversal
---
#############################################################################
# #
# Joomla Component Cmimarketplace Directory Traversal Vulnerability #
# #
#############################################################################
########################################
[~] Vulnerability found by: H!tm@N
[~] Contact: khghitman[at]gmail[dot]com
[~] Site: www.khg-crew.ws
[~] Greetz: boom3rang, KHG, chs, redc00de
[~] -=[Kosova Hackers Group]=--=[KHG-Crew]=-
########################################
[~] ScriptName: "Joomla"
[~] Component: "Cmimarketplace (com_cmimarketplace)"
[~] Date: "August 2008"
[~] Author: "Magnetic Merchandising Inc."
[~] E-mail: "[email protected]"
[~] Author URL: "www.ijobid.com"
###########
Nuclei
Joomla! Cmimarketplace 0.1 - Local File Inclusion
nuclei·CVSS 5.0
CVE-2009-1496 [MEDIUM] Joomla! Cmimarketplace 0.1 - Local File Inclusion
Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
Template:
id: CVE-2009-1496
info:
  name: Joomla! Cmimarketplace 0.1 - Local File Inclusion
  author: daffainfo
  severity: medium
  description: |
    Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
  remediation: |
    Apply the latest patch or upgrade to a
2009-05-01
Published