CVE-2010-1858
published 2010-05-07CVE-2010-1858: Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via…
PriorityP341medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
13.62%
96.0th percentile
Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gelembjuk | com_smestorage | <= 1.0 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component SMEStorage - Local File Inclusion
exploitdb·2010-03-23
CVE-2010-1858 Joomla! Component SMEStorage - Local File Inclusion
Joomla! Component SMEStorage - Local File Inclusion
---
Joomla Component SMEStorage Local File Inclusion
Author : Chip D3 Bi0s
Group : LatinHackTeam
Email & msn : chipdebios[alt+64]gmail.com
Date : 23 March 2010
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : SMEStorage
Developer : Roman Gelembjuk
License : GPL type : Non - Commercial
Date Added : 12 March 2010
Download : http://gelembjuk.com/index.php?option=com_smestorage&Itemid=60&file=Jooomla+tools%2FSMEStorage+joomla+component.zip&task=showfile
Description :
SMEStorage QFD is SMEStorage quick files directory.
This is Joomla 1.5 component for managing files directory.
Use this component if you want to setup files dir
Nuclei
Joomla! Component SMEStorage - Local File Inclusion
nuclei·CVSS 5.0
CVE-2010-1858 [MEDIUM] Joomla! Component SMEStorage - Local File Inclusion
Joomla! Component SMEStorage - Local File Inclusion
A directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
Template:
id: CVE-2010-1858
info:
name: Joomla! Component SMEStorage - Local File Inclusion
author: daffainfo
severity: medium
description: A directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the server, leading to unauthorized access and
http://packetstormsecurity.org/1003-exploits/joomlasmestorage-lfi.txthttp://secunia.com/advisories/39071http://www.exploit-db.com/exploits/11853http://www.securityfocus.com/bid/38911https://exchange.xforce.ibmcloud.com/vulnerabilities/57108http://packetstormsecurity.org/1003-exploits/joomlasmestorage-lfi.txthttp://secunia.com/advisories/39071http://www.exploit-db.com/exploits/11853http://www.securityfocus.com/bid/38911https://exchange.xforce.ibmcloud.com/vulnerabilities/57108
2010-05-07
Published