CVE-2010-2035
published 2010-05-25

CVE-2010-2035: Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and…

Priority: P2 · 70 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
ITW exploit: VulnCheck KEV, exploited in the wild
EPSS: 15.78% (96.5th percentile)
Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

Affected

1 range

Vendor: percha
Product: com_perchagallery
Version range: not specified
Fixed in: not specified

Detection & IOCs (extracted from sources)

url: /index.php?option=com_perchagallery&controller=../../../../../../../../../../etc/passwd%00
path: ../../../../../../../../../../etc/passwd%00
  • Look for GET requests to index.php with option=com_perchagallery and a controller parameter containing directory traversal sequences (../) and a null byte (%00)
  • Match an HTTP 200 response containing the passwd file content pattern 'root:.*:0:0:' to confirm successful exploitation
  • Multiple Percha Joomla components are affected by the same LFI pattern: com_perchaimageattach, com_perchafieldsattach, com_perchadownloadsattach, com_perchagallery, com_perchacategoriestree
  • The null byte (%00) is required to truncate the file extension appended by the PHP include; this technique only works on PHP versions vulnerable to null byte injection (typically PHP < 5.3.4)
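The detection bullets above as runnable logic, added here as an example; it is not code from the page or from VulnCheck. It scans constructed Apache combined-format access-log lines (the sample lines, the IP addresses and the request sizes are made up), decodes the controller parameter so that URL-encoded and double-encoded traversal sequences are caught, not just the literal "../" form given in the IOC, and generalizes the option match to the five Percha components the page lists. A second function implements the response-side confirmation (HTTP 200 plus the 'root:.*:0:0:' pattern), which needs the body and so cannot come from an access log alone.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed Apache combined-format access log, not taken from the page.
# Line 1: the exact URL form the IOC gives; line 2: the same payload URL-encoded
# (a naive substring match for "../" would miss it); lines 3 and 4: benign.
SAMPLE_LOG = """\
203.0.113.7 - - [25/May/2010:10:01:02 +0000] "GET /index.php?option=com_perchagallery&controller=../../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 1432 "-" "Mozilla/5.0"
203.0.113.7 - - [25/May/2010:10:01:05 +0000] "GET /index.php?option=com_perchagallery&controller=..%2F..%2F..%2F..%2Fetc%2Fpasswd%00 HTTP/1.1" 200 1432 "-" "curl/7.19.7"
198.51.100.4 - - [25/May/2010:10:02:00 +0000] "GET /index.php?option=com_perchagallery&controller=default&view=gallery HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
198.51.100.9 - - [25/May/2010:10:03:11 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')
# Second detection bullet: a successful read of /etc/passwd shows the root entry.
PASSWD_RE = re.compile(r'root:.*:0:0:')

# The five Percha components the page says share the same LFI pattern.
PERCHA_COMPONENTS = {
    "com_perchagallery",
    "com_perchaimageattach",
    "com_perchafieldsattach",
    "com_perchadownloadsattach",
    "com_perchacategoriestree",
}


def inspect_target(target):
    """Decode a request target and report on its controller parameter.

    Returns None unless the request is index.php?option=com_percha*; otherwise
    a dict with the decoded controller value and the two IOC flags.
    """
    parts = urlsplit(target)
    if not parts.path.endswith("/index.php"):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    option = qs.get("option", [""])[0]
    if option not in PERCHA_COMPONENTS:
        return None
    # parse_qs already decoded one layer (%2F -> "/", %00 -> NUL); a second
    # unquote catches double-encoded payloads such as %252F.
    controller = unquote(qs.get("controller", [""])[0])
    return {
        "option": option,
        "controller": controller,
        "traversal": bool(TRAVERSAL_RE.search(controller)),
        "null_byte": "\x00" in controller,
    }


def confirms_exploitation(status, body):
    """Response-side check: HTTP 200 plus passwd content in the body."""
    return int(status) == 200 and PASSWD_RE.search(body) is not None


def scan_log(text):
    """Return one finding per request whose controller carries a traversal."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        info = inspect_target(m.group("target"))
        if not info or not info["traversal"]:
            continue
        findings.append({
            "ip": m.group("ip"),
            "option": info["option"],
            "status": int(m.group("status")),
            # Traversal plus NUL is the complete CVE-2010-2035 payload; traversal
            # without NUL is still worth an alert (a probe, or a patched PHP).
            "verdict": "exploit_attempt" if info["null_byte"] else "traversal_probe",
        })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Run stand-alone it prints the two findings from the first two sample lines, both from 203.0.113.7 with verdict exploit_attempt. A 200 status in the log is not proof of a successful read (Joomla may answer 200 with an error page), which is why the confirmation step is kept separate and takes the response body.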

CVSS provenance

nvd: v2.0, 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck: 7.5 HIGH