CVE-2010-2259
Published 2010-06-09
CVE-2010-2259: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files…
Priority: P357 | Severity: high | CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 18.52% (96.9th percentile)
Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tamlyncreative | com_bfsurvey_basic | <= 1.1 | — |
| tamlyncreative | com_bfsurvey_pro | <= 1.3.0 | — |
| tamlyncreative | com_bfsurvey_profree | — | — |
No detection rules found.
Exploit-DB
Joomla! Component com_bfsurvey - Local File Inclusion
exploitdb·2010-01-03
CVE-2010-2259 Joomla! Component com_bfsurvey - Local File Inclusion
---
@~~=======================================~~@
@~~=Script : Joomla Component com_bfsurvey
@~~=Author : FL0RiX
@~~=HomePage: www.oltan.org
@~~=Greez : Deep-Power ,Pyske,Wretch-x & All Friends
@~~=Bug Type : Local File Inclusion (LFI)
@~~=Dork : inurl:"com_bfsurvey"
@~~=======================================~~@
@~~=Vuln : http://site/[Path]/index.php?option=com_bfsurvey&controller=[-LFI-]
Nuclei
Joomla! Component com_bfsurvey - Local File Inclusion
nuclei·CVSS 7.5
CVE-2010-2259 [HIGH] Joomla! Component com_bfsurvey - Local File Inclusion
A directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
Template:
id: CVE-2010-2259
info:
  name: Joomla! Component com_bfsurvey - Local File Inclusion
  author: daffainfo
  severity: high
  description: A directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
  remediation: Upgra
No writeups or analysis indexed.
http://osvdb.org/61438
http://packetstormsecurity.org/1001-exploits/joomlabfsurvey-lfi.txt
http://secunia.com/advisories/37866
http://www.exploit-db.com/exploits/10946
http://www.securityfocus.com/bid/37584
http://www.tamlyncreative.com.au/software/forum/index.php?topic=641.0
Published: 2010-06-09