CVE-2010-1875
published 2010-05-12CVE-2010-1875: Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files…
PriorityP351high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
15.72%
96.5th percentile
Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| com-property | com_properties | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component Property - Local File Inclusion
exploitdb·2010-03-23
CVE-2010-1875 Joomla! Component Property - Local File Inclusion
Joomla! Component Property - Local File Inclusion
---
Joomla Component Property Local File Inclusion
Author : Chip D3 Bi0s
Group : LatinHackTeam
Email & msn : chipdebios[alt+64]gmail.com
Date : 22 March 2010
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Property
Developer : este8an
License : GPL type : Non Commercial
Date Added : 22 January 2009
Download : http://www.com-property.com/download.html?func=select&id=2
Description :
Property is a new Real Estate component 100% FREE native Joomla 1.5.
compatible with sh404sef and joomfish.
Add Profiles (Agent data: Client is a user joomla registered)
Can change permissions in User Manager to 'Agent' , then this
user can publ
Nuclei
Joomla! Component Property - Local File Inclusion
nuclei·CVSS 7.5
CVE-2010-1875 [HIGH] Joomla! Component Property - Local File Inclusion
Joomla! Component Property - Local File Inclusion
A directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
Template:
id: CVE-2010-1875
info:
name: Joomla! Component Property - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
impact: |
This vulnerability can result in the exposure of sensitive data, suc
http://secunia.com/advisories/39074http://www.exploit-db.com/exploits/11851http://www.osvdb.org/63143http://www.securityfocus.com/bid/38912https://exchange.xforce.ibmcloud.com/vulnerabilities/57110http://secunia.com/advisories/39074http://www.exploit-db.com/exploits/11851http://www.osvdb.org/63143http://www.securityfocus.com/bid/38912https://exchange.xforce.ibmcloud.com/vulnerabilities/57110
2010-05-12
Published