cbcvebase.
CVE-2010-2018
published 2010-05-24

CVE-2010-2018: Directory traversal vulnerability in downlot.php in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file…

PriorityP433medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
3.26%
86.8th percentile
Directory traversal vulnerability in downlot.php in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Affected

16 ranges
VendorProductVersion rangeFixed in
bukulokomedialokomedia_cms
bukulokomedialokomedia_cms
msrcmicrosoft_office_2010_service_pack_2
msrcmicrosoft_office_2016_click-to-run_for_32-bit_editions
msrcmicrosoft_office_2016_click-to-run_for_64-bit_editions
msrcmicrosoft_office_2016_for_mac
msrcmicrosoft_office_online_server_2016
msrcmicrosoft_office_web_apps_2010_service_pack_2
msrcmicrosoft_office_web_apps_server_2013_service_pack_1
msrcmicrosoft_sharepoint_enterprise_server_2013_service_pack_1
msrcmicrosoft_sharepoint_enterprise_server_2016
msrcmicrosoft_sharepoint_server_2010_service_pack_2
msrcmicrosoft_word_2010_service_pack_2
msrcmicrosoft_word_2013_rt_service_pack_1
msrcmicrosoft_word_2013_service_pack_1
msrcmicrosoft_word_2016

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_msrc7.5LOW
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.