CVE-2009-4679
published 2010-03-08CVE-2009-4679: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and…
PriorityP351high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
7.87%
94.0th percentile
Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| inertialfate | com_if_nexus | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
inertialFATE Com If Nexus 1.5 index.php controller path traversal (EDB-10754 / BID-37473)
vuldb·2026-05-02·CVSS 7.5
CVE-2009-4679 [HIGH] inertialFATE Com If Nexus 1.5 index.php controller path traversal (EDB-10754 / BID-37473)
A vulnerability classified as problematic was found in inertialFATE Com If Nexus 1.5. This impacts an unknown function of the file index.php. Such manipulation of the argument controller leads to path traversal.
This vulnerability is traded as CVE-2009-4679. The attack may be launched remotely. Furthermore, there is an exploit available.
GHSA
GHSA-938x-7pc2-p2gg: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1
ghsa_unreviewed·2022-05-02
CVE-2009-4679 [HIGH] CWE-22 GHSA-938x-7pc2-p2gg: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1
Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
No detection rules found.
Exploit-DB
Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion
exploitdb·2009-12-29
CVE-2009-4679 Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion
Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion
---
source: https://www.securityfocus.com/bid/37473/info
The iF Portfolio Nexus ('com_if_nexus') component for Joomla! is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
The following example URI is available:
http://www.example.com/[Yol]/index.php?option=com_kif_nexus&controller=[-LFI-]
Exploit-DB
Joomla! Component com_if_nexus - Remote File Inclusion
exploitdb·2009-12-28
CVE-2009-4679 Joomla! Component com_if_nexus - Remote File Inclusion
Joomla! Component com_if_nexus - Remote File Inclusion
---
\\\|///
\\ - - //
( @ @ )
----oOOo--(_)-oOOo---------------------------
@~~=Author : Fl0riX
@~~=Greez : Deep-Power ,Pyske & All Friends
---------------Ooooo-------------------------
( )
ooooO ) /
( ) (_/
\ (
\_)
@~~=======================================~~@
@~~=Script :Joomla Component com_if_nexus
@~~=======================================~~@
@~~=Vuln
: http://site/ [Yol] /index.php?option=com_if_nexus&controller=[-LFI-]
/ ___ \ \ \ \ \ /\ / /
/ / \/ \ \ / \ \ / /
| | \ \/ / \ \/ /
| \ __ \ / \ /
\ \__/ / \ / \ /
\_____/ \/ \/
Nuclei
Joomla! Portfolio Nexus - Remote File Inclusion
nuclei·CVSS 7.5
CVE-2009-4679 [HIGH] Joomla! Portfolio Nexus - Remote File Inclusion
Joomla! Portfolio Nexus - Remote File Inclusion
Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
Template:
id: CVE-2009-4679
info:
name: Joomla! Portfolio Nexus - Remote File Inclusion
author: daffainfo
severity: high
description: |
Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbit
2010-03-08
Published