CVE-2010-2045
published 2010-05-25CVE-2010-2045: Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read…
PriorityP352high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
8.93%
94.6th percentile
Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dionesoft | com_dioneformwizard | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
exploitdb·2010-05-13
CVE-2010-2045 Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
---
Joomla Component FDione Form Wizard lfi vulnerability
Author : Chip D3 Bi0s
Email : chipdebios[alt+64]gmail.com
Date : 2010-05-13
Impact : Exposure of sensitive information
Where : From Remote
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Dione Form Wizard
version : 1.0.2
Developer : Dione Soft Company
License : GPL type : Commercial
price : $20
Date Added : 9 may 2010
Download : http://dionesoft.com/products/dione_form_wizard/product.html
Description :
Dione Form Wizard is Joomla! component allows website administrator to create web forms easily through simple drag-and-drop editor.
This product gives you the power to create forms that run inside Joomla without requiring knowledge of HT
Nuclei
Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2010-2045 [HIGH] Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
A directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
Template:
id: CVE-2010-2045
info:
name: Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker
http://osvdb.org/64633http://packetstormsecurity.org/1005-exploits/joomlafdione-lfi.txthttp://secunia.com/advisories/39755http://www.exploit-db.com/exploits/12595http://www.securityfocus.com/bid/40166https://exchange.xforce.ibmcloud.com/vulnerabilities/58574http://osvdb.org/64633http://packetstormsecurity.org/1005-exploits/joomlafdione-lfi.txthttp://secunia.com/advisories/39755http://www.exploit-db.com/exploits/12595http://www.securityfocus.com/bid/40166https://exchange.xforce.ibmcloud.com/vulnerabilities/58574
2010-05-25
Published