CVE-2010-0760
Published 2010-02-27
CVE-2010-0760: Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary…
Priority: P4 · 33 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.86% (76.6th percentile)
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| greatjoomla | scriptegrator_plugin | — | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vulncheck · 7.5 HIGH
GHSA
GHSA-52q3-cgph-xhf4: Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader
ghsa_unreviewed·2022-05-02·CVSS 6.8
CVE-2010-0759 [MEDIUM] CWE-22 GHSA-52q3-cgph-xhf4: Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760.
GHSA
GHSA-9jjc-8wp4-j2mp: Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2010-0760 [HIGH] CWE-22 GHSA-9jjc-8wp4-j2mp: Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
VulnCheck
greatjoomla scriptegrator_plugin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2010·CVSS 7.5
CVE-2010-0759 [HIGH] greatjoomla scriptegrator_plugin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760.
Affected: greatjoomla scriptegrator_plugin
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://tracker.crowdsec.net/cves/CVE-2010-0759
Suricata
GPL WEB_SERVER Tomcat server snoop access
suricata·2010-09-23
CVE-2000-0760 GPL WEB_SERVER Tomcat server snoop access
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"GPL WEB_SERVER Tomcat server snoop access"; flow:established,to_server; http.uri; content:"/jsp/snp/"; content:".snp"; reference:bugtraq,1532; reference:cve,2000-0760; classtype:attempted-recon; sid:2101108; rev:15; metadata:created_at 2010_09_23, cve CVE_2000_0760, signature_severity Unknown, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08;)
No writeups or analysis indexed.
Published: 2010-02-27