CVE-2010-3426
published 2010-09-16CVE-2010-3426: Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute…
PriorityP352high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
14.11%
96.1th percentile
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 4you-studio | com_jphone | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
exploitdb·2010-09-10
CVE-2010-3426 Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
---
JPhone 1.0 Alpha 3 Component Joomla Local File Inclusion
- Discovered by : Chip D3 Bi0s
- Email : chipdebios[at]gmail[dot]com
- Group : LatinHackTeam
- Date : 2010-09-10
- Where : From Remote
Affected software description
Application : Jphone
Developer : Urs Kobald
Compatibility : 1.0 Alpha 3
License : GPLv2 or later
Date Added : 14 Aug 2010
website : http://www.4you-studio.com
Download : http://www.joomlafrance.org/telecharger/download/Jphone/344bbad81cf491b6e5215e3f15fc3fb7.html
I. BACKGROUND
Called Jphone, component agency 4you studio allows for your Joomla adapted mobile
version with a real interface using page transition effects rather pro
(the cube effect and popup are very nice).
Consisting of a component and
Nuclei
Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2010-3426 [HIGH] Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
A directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
Template:
id: CVE-2010-3426
info:
name: Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to read sensitive files on t
http://packetstormsecurity.org/1009-exploits/joomlajphone-lfi.txthttp://www.exploit-db.com/exploits/14964http://www.securityfocus.com/bid/43147https://exchange.xforce.ibmcloud.com/vulnerabilities/61723http://packetstormsecurity.org/1009-exploits/joomlajphone-lfi.txthttp://www.exploit-db.com/exploits/14964http://www.securityfocus.com/bid/43147https://exchange.xforce.ibmcloud.com/vulnerabilities/61723
2010-09-16
Published