CVE-2010-0467
published 2010-02-02CVE-2010-0467: Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .…
PriorityP353medium5.8CVSS 3.1
AVNACLPRNUINSCCLINAN
EXPLOIT
EPSS
43.30%
98.6th percentile
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chillcreations | com_ccnewsletter | — | — |
CVSS provenance
nvdv3.15.8MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Chillcreations Com Ccnewsletter 1.0.5 index.php controller path traversal (EDB-11282 / Nessus ID 43636)
vuldb·2026-04-29·CVSS 5.8
CVE-2010-0467 [MEDIUM] Chillcreations Com Ccnewsletter 1.0.5 index.php controller path traversal (EDB-11282 / Nessus ID 43636)
A vulnerability, which was classified as problematic, has been found in Chillcreations Com Ccnewsletter 1.0.5. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument controller results in path traversal.
This vulnerability is reported as CVE-2010-0467. The attack is possible to be carried out remotely. Moreover, an exploit is present.
GHSA
GHSA-c2pp-46rf-cqg2: Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1
ghsa_unreviewed·2022-05-02
CVE-2010-0467 [MEDIUM] CWE-22 GHSA-c2pp-46rf-cqg2: Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
No detection rules found.
Exploit-DB
Joomla! Component CCNewsLetter - Directory Traversal
exploitdb·2010-01-28
CVE-2010-0467 Joomla! Component CCNewsLetter - Directory Traversal
Joomla! Component CCNewsLetter - Directory Traversal
---
[~]>> ...[BEGIN ADVISORY]...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> TITLE: Joomla (com_ccnewsletter) Directory Traversal Vulnerability
[~]>> LANGUAGE: PHP
[~]>> DORK: N/A
[~]>> RESEARCHER: B-HUNT3|2
[~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com
[~]>> TESTED ON: LocalHost
[~]>> (( -- Sorry for not including a single advisory with this Component --))
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[~]>> DESCRIPTION: Input var controller is vulnerable to Directory Traversal Vuln
[~]>> AFFECTED VERSIONS: Confirmed in 1.0.5 but probably other versions also
[~]>> RISK: Medium/High
[~]>> IMPACT: Access to all PHP files in WebServer (Null Byte is f
Exploit-DB
Joomla! Component CCNewsLetter - Local File Inclusion
exploitdb·2010-01-28
CVE-2010-0467 Joomla! Component CCNewsLetter - Local File Inclusion
Joomla! Component CCNewsLetter - Local File Inclusion
---
Joomla Component com_ccnewsletter Local File Inclusion
###########################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Email : [email protected]
.:. Home : www.sec-attack.com/vb
.:. Script : Joomla Component com_ccnewsletter
.:. Bug Type : Local File Inclusion [LFI]
.:. Dork : inurl:"com_ccnewsletter"
.:. Date : 28/1/2010
#############################################
===[ Exploit ]===
http://server/index.php?option=com_ccnewsletter&controller=[LFI]
http://server/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00
#############################################
Greats T0: My Mind & All member Sec Attack
Nuclei
Joomla! Component CCNewsLetter - Local File Inclusion
nuclei·CVSS 5.8
CVE-2010-0467 [MEDIUM] Joomla! Component CCNewsLetter - Local File Inclusion
Joomla! Component CCNewsLetter - Local File Inclusion
A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
Template:
id: CVE-2010-0467
info:
name: Joomla! Component CCNewsLetter - Local File Inclusion
author: daffainfo
severity: medium
description: A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading
http://secunia.com/advisories/38378http://www.chillcreations.com/en/blog/ccnewsletter-joomla-newsletter/ccnewsletter-106-security-release.htmlhttp://www.exploit-db.com/exploits/11277http://www.exploit-db.com/exploits/11282http://www.securityfocus.com/bid/37987https://exchange.xforce.ibmcloud.com/vulnerabilities/55953http://secunia.com/advisories/38378http://www.chillcreations.com/en/blog/ccnewsletter-joomla-newsletter/ccnewsletter-106-security-release.htmlhttp://www.exploit-db.com/exploits/11277http://www.exploit-db.com/exploits/11282http://www.securityfocus.com/bid/37987https://exchange.xforce.ibmcloud.com/vulnerabilities/55953
2010-02-02
Published