CVE-2010-2857
Published 2010-07-25
Priority P342 | medium | 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.85% (90.9th percentile)
Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| danieljamesscott | com_music | — | — |
No detection rules found.
Exploit-DB
Joomla! Component Music Manager - Local File Inclusion
exploitdb·2010-07-08
---
Critical Level : HIGH
Vendor Url : http://danieljamesscott.org/software/4-joomla-extensions/4-music-manager.html
Author : Sid3^effects aKa HaRi
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
########################################################
# I'm SiD3^effects member from Inj3ct0r Team #
# Support e-mail : submit[at]inj3ct0r.com #
########################################################
Description
Music Manager is an extension for Joomla! 1.5 which allows management of a music collection. It is easy to use and very flexible. Users can manage their music collection by artist, album and song. This compone
Nuclei
Joomla! Component Music Manager - Local File Inclusion
nuclei·CVSS 6.8
A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the cid parameter to album.html.
Template:
id: CVE-2010-2857

info:
  name: Joomla! Component Music Manager - Local File Inclusion
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the cid parameter to album.html.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive data exposure, and remote code execution.
  remed
http://packetstormsecurity.org/1007-exploits/joomlamusicmanager-lfi.txt
http://www.exploit-db.com/exploits/14274
http://www.securityfocus.com/bid/41485
https://exchange.xforce.ibmcloud.com/vulnerabilities/60195