CVE-2010-1305
published 2010-04-08CVE-2010-1305: Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module…
PriorityP341medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
20.72%
97.2th percentile
Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomlamo | com_jinventory | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component JInventory 1.23.02 - Local File Inclusion
exploitdb·2010-04-05
CVE-2010-1305 Joomla! Component JInventory 1.23.02 - Local File Inclusion
Joomla! Component JInventory 1.23.02 - Local File Inclusion
---
Joomla Component JInventory Local File Inclusion
Author : Chip D3 Bi0s
Group : LatinHackTeam
Email & msn : [email protected]
Date : 04 april 2010
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : JInventory
version : 1.23.02
Price : 20.00 USD
Developer : Mo Kelly
License : GPL type : Commercial
Date Added : 11 April 2009
Download : http://joomlamo.com/joomlamo/downloads/cat_view/9-joomla-inventory.html
Demo : http://inventory.joomlamo.com/
Description :
This inventory component was designed to track inventory at a remote location.
There is a bar code printing component and import inventory component that wo
Nuclei
Joomla! Component JInventory 1.23.02 - Local File Inclusion
nuclei·CVSS 5.0
CVE-2010-1305 [MEDIUM] Joomla! Component JInventory 1.23.02 - Local File Inclusion
Joomla! Component JInventory 1.23.02 - Local File Inclusion
A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Template:
id: CVE-2010-1305
info:
name: Joomla! Component JInventory 1.23.02 - Local File Inclusion
author: daffainfo
severity: medium
description: A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exp
http://extensions.joomla.org/extensions/e-commerce/shopping-cart/7951http://packetstormsecurity.org/1004-exploits/jinventory-lfi.txthttp://secunia.com/advisories/39351http://www.exploit-db.com/exploits/12065http://www.securityfocus.com/bid/39203http://www.vupen.com/english/advisories/2010/0811https://exchange.xforce.ibmcloud.com/vulnerabilities/57538http://extensions.joomla.org/extensions/e-commerce/shopping-cart/7951http://packetstormsecurity.org/1004-exploits/jinventory-lfi.txthttp://secunia.com/advisories/39351http://www.exploit-db.com/exploits/12065http://www.securityfocus.com/bid/39203http://www.vupen.com/english/advisories/2010/0811https://exchange.xforce.ibmcloud.com/vulnerabilities/57538
2010-04-08
Published