CVE-2009-2100
Published 2009-06-17
Priority: P3 · 37 · medium · CVSS 2.0: 5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploit: EPSS 8.23% (94.2 percentile)
Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomlapraise | com_projectfork | — | — |
CVSS provenance
- nvd (CVSS v2.0): 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
- vendor_redhat: 7.1 HIGH
GHSA
GHSA-j39h-m6w2-6x67 (ghsa_unreviewed · 2022-05-02): CVE-2009-2100 [MEDIUM], CWE-22
Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
Red Hat
CVE-2012-2100 [HIGH] kernel: ext4: fix inconsistency in ext4_fill_flex_info() (vendor_redhat · 2012-01-10 · CVSS 7.1)
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.
Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise MRG 2.
Package: kernel (Red Hat Enterprise Linux 4) - Will not fix
Package: realtime-kernel (Red Hat Enterprise MRG 2) - Affected
No detection rules found.
Exploit-DB
Harris Stratex StarMAX 2100 WIMAX Subscriber Station - Running Configuration Cross-Site Request Forgery (exploitdb · 2010-07-07)
---
I found a CSRF vulnerability in the Harris Stratex WIMAX 2100 subscriber
station. Using this code I am able to view the current configuration of the
subscriber station without authentication from both LAN & WAN.
# Software Link: http://securityvulns.com/Wdocument736.html
# Version: 3.0.4.1.7.C
# Tested on: Any OS
# CVE: No
Product: StarMAX 2100 WIMAX subscriber station
Affected Application Version: 3.0.4.1.7.C
Vendor submission: 07-04-2009
Vendor Response: No
Vulnerability: Able to view the running configuration without authentication
from both LAN & WAN
Thanks
Kalyan
Security researcher
Exploit-DB
CVE-2009-2100 Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion (exploitdb · 2009-06-15)
---
@~~=Author : ByALBAYX
@~~=Website : WWW.C4TEAM.ORG
@~~=======================================~~@
@~~=Script : Joomla Component Com_Projectfork
@~~=S.Site : http://joomlapraise.com
@~~=======================================~~@
@~~=Vul :
@~~=http://c4team.org/ [path] /index.php?option=com_projectfork&section= [-LFI-]
@~~=Dork : inurl:"com_projectfork"
@~~=http://kht.by.ru/Google.txt
@~~=Vs..
@~~=======================================~~@
@~~=:/
# milw0rm.com [2009-06-15]
Nuclei
CVE-2009-2100 [MEDIUM] Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion (nuclei · CVSS 5.0)
Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.
Template:

```yaml
id: CVE-2009-2100
info:
  name: Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion
  author: daffainfo
  severity: medium
  description: Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
  remediation: |
    Upgrade to a patched version of Joo
```
GreyNoise
NoiseLetter October 2025 (blogs_greynoiseio)
- CVE Disclosure Early Warning: get an early warning when traffic spikes indicate a high likelihood of new disclosures
- Compromised Asset Detection: find out immediately if an asset communicates with a malicious IP address
- Vulnerability Prioritization: get real-time insight into active exploitation trends to better understand risk and severity
- SOC Efficiency: filter out noisy, low-priority and false-positive alerts from mass internet scanners
- Incident Investigation: add context to incidents to speed the determination of scope and timelines
- Threat Hunting: quickly identify anomalous behavior and enrich your threat hunting campaigns
Bugzilla
CVE-2012-2100 [HIGH] kernel: ext4: fix inconsistency in ext4_fill_flex_info() (bugzilla · 2012-04-04 · CVSS 7.1)
Commit 503358ae01b70ce6909d19dd01287093f6b6271c ("ext4: avoid divide by zero when trying to mount a corrupted file system") fixes CVE-2009-4307 by performing a sanity check on s_log_groups_per_flex, since it can be set to a bogus value by an attacker.
More info from Wang Xi:
The first commit (503358ae) fixes the division by zero. The fix is not perfect because:
1) Theoretically, a standard-conforming C compiler could generate code that is still vulnerable to division by zero, but I was not aware of any compilers doing that.
2) Logically, we should have groups_per_flex = 2^s_log_groups_per_flex, and the fix doesn't really ensure that. This is obviously not good, but not sure how bad the consequence would be.
Introduce