CVE-2010-1217
Published 2010-03-30
CVE-2010-1217: Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to…
Priority: P335, medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
EXPLOIT
EPSS: 6.43% (92.8th percentile)
Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
No detection rules found.
Exploit-DB
Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
exploitdb·2010-03-19
CVE-2010-1217 Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
---
joomla component & plugin JE Tooltip Local File Inclusion
Author : Chip D3 Bi0s
Group : LatinHackTeam
Email & msn : chipdebios[alt+64]gmail.com
Date : 11 March 2010
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : JE Tooltip (component and plugin)
version : 1.0
Developer : Hardik Mistry
License : GPL type : Commercial
Date Added : 11 March 2010
Demo : http://joomlaextensions.co.in/formcreator/
Download : http://joomlaextensions.co.in/extensions/joomla-module.html?page=shop.product_details&category_id=4&flypage=flypage.tpl&product_id=51&vmcchk=1
Description :
JE Tooltip new Joomla 1.5 native MVC component
Nuclei
Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
nuclei·CVSS 4.3
CVE-2010-1217 [MEDIUM] Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
Template:
id: CVE-2010-1217
info:
  name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read a
No writeups or analysis indexed.
http://osvdb.org/63120
http://secunia.com/advisories/39063
http://www.exploit-db.com/exploits/11814
http://www.packetstormsecurity.org/1003-exploits/joomlajetooltip-lfi.txt
http://www.securityfocus.com/bid/38866
2010-03-30: Published