CVE-2010-1315
published 2010-04-08CVE-2010-1315: Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows…
PriorityP336medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
8.23%
94.2th percentile
Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomlamo | com_weberpcustomer | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component webERPcustomer - Local File Inclusion
exploitdb·2010-04-01
CVE-2010-1315 Joomla! Component webERPcustomer - Local File Inclusion
Joomla! Component webERPcustomer - Local File Inclusion
---
Joomla Component webERPcustomer Local File Inclusion
Author : Chip D3 Bi0s
Group : LatinHackTeam
Email & msn : [email protected]
Date : 31 March 2010
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : webERPcustomer
version : 1.2.1
Developer : Mo Kelly
License : GPL type : Commercial
Price : 20.00 USD
Date Added : 24 June 2009
Download : http://joomlamo.com/joomlamo/downloads/cat_view/8-extensions-integrated-with-weberp.html
Description :
webERPcustomer is a Joomla! component integrated with webERP. Upon logging in and clicking the webERPcustomer
menu selection the user/salesperson will be able to view and updat
Nuclei
Joomla! Component webERPcustomer - Local File Inclusion
nuclei·CVSS 5.0
CVE-2010-1315 [MEDIUM] Joomla! Component webERPcustomer - Local File Inclusion
Joomla! Component webERPcustomer - Local File Inclusion
A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Template:
id: CVE-2010-1315
info:
name: Joomla! Component webERPcustomer - Local File Inclusion
author: daffainfo
severity: medium
description: A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability could allow an att
No writeups or analysis indexed.
http://packetstormsecurity.org/1004-exploits/joomlaweberpcustomer-lfi.txthttp://secunia.com/advisories/39209http://www.exploit-db.com/exploits/11999https://exchange.xforce.ibmcloud.com/vulnerabilities/57482http://packetstormsecurity.org/1004-exploits/joomlaweberpcustomer-lfi.txthttp://secunia.com/advisories/39209http://www.exploit-db.com/exploits/11999https://exchange.xforce.ibmcloud.com/vulnerabilities/57482
2010-04-08
Published