cbcvebase.
CVE-2010-0759
published 2010-02-27

CVE-2010-0759: Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for…

PriorityP269high7.5CVSS 2.0
AVNACLAuNCPIPAP
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
14.96%
96.3th percentile
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760.

Affected

1 ranges
VendorProductVersion rangeFixed in
greatjoomlascriptegrator_plugin

Detection & IOCsextracted from sources · hover to see the quote

path/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php
url{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd
urlhttp://server/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd
  • Look for HTTP GET requests targeting jsloader.php with a 'files[]' parameter containing path traversal sequences (e.g., /etc/passwd or ../../) in the URL path /plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php.
  • The exploit uses the HTTP GET parameter 'files[]' to pass arbitrary file paths to PHP's include() function; monitor web logs for requests with 'files[]=' containing absolute paths or traversal sequences.
  • Successful exploitation returns the contents of /etc/passwd; detect by matching the response body for the pattern 'root:.*:0:0:' on HTTP 200 responses to the vulnerable endpoint.
  • CVE-2010-0760 covers a related but distinct vector: the 'file' parameter to libraries/jquery/js/ui/jsloader.php and 'files[]' to libraries/jquery/js/jsloader.php — monitor those paths as well.
  • ·Exploitation is limited to Local File Inclusion (LFI) only — remote file inclusion is blocked by an is_file() check, so only files readable by the httpd user on the local filesystem can be included/executed.

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.