cbcvebase.
CVE-2010-5286
published 2012-11-26

CVE-2010-5286: Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified…

PriorityP356critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
11.38%
95.5th percentile
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

Detection & IOCsextracted from sources · hover to see the quote

url/index.php?option=com_jstore&controller=./../../../../../../../../etc/passwd%00
path/index.php?option=com_jstore&controller=./../../../../../../../../etc/passwd%00
  • Look for directory traversal sequences (e.g., ./../../) combined with null byte (%00) in the 'controller' parameter of requests targeting the com_jstore Joomla component (option=com_jstore).
  • HTTP GET requests to index.php with both 'option=com_jstore' and a 'controller' parameter containing path traversal sequences should be flagged as exploitation attempts.
  • A successful exploitation response will contain Unix /etc/passwd file content matching the pattern 'root:.*:0:0:'; monitor HTTP 200 responses to com_jstore requests for this pattern.
  • ·The null byte (%00) is used to terminate the file path string, bypassing extension appending. This technique is only effective on PHP versions vulnerable to null byte injection (typically PHP < 5.3.4).
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.