CVE-2010-1056

Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/62972
http://packetstormsecurity.org/1003-exploits/joomlarokdownloads-lfi.txt	Exploit
http://secunia.com/advisories/38982	Vendor Advisory
http://www.exploit-db.com/exploits/11760	Exploit
http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released	Patch Vendor Advisory
http://www.securityfocus.com/bid/38741	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/56898
http://osvdb.org/62972
http://packetstormsecurity.org/1003-exploits/joomlarokdownloads-lfi.txt	Exploit
http://secunia.com/advisories/38982	Vendor Advisory
http://www.exploit-db.com/exploits/11760	Exploit
http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released	Patch Vendor Advisory
http://www.securityfocus.com/bid/38741	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/56898

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:rockettheme:com_rokdownloads::::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:0.91:a::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:0.92:a::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:0.93:a::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:0.94:a::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:0.95:a::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:0.96:a::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:0.97:a::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:0.98:a::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:1.0:b1::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:1.0:b2::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:1.0:b3::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:1.0:b4::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:1.0:b5::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:1.0:b6::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:1.0:b7::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:1.0:b8::::::
	cpe:2.3:a:rockettheme:com_rokdownloads:1.0:b9::::::

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:13

Type	Values Removed	Values Added
References	~~() http://osvdb.org/62972 -~~	() http://osvdb.org/62972 -
References	~~() http://packetstormsecurity.org/1003-exploits/joomlarokdownloads-lfi.txt - Exploit~~	() http://packetstormsecurity.org/1003-exploits/joomlarokdownloads-lfi.txt - Exploit
References	~~() http://secunia.com/advisories/38982 - Vendor Advisory~~	() http://secunia.com/advisories/38982 - Vendor Advisory
References	~~() http://www.exploit-db.com/exploits/11760 - Exploit~~	() http://www.exploit-db.com/exploits/11760 - Exploit
References	~~() http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released - Patch, Vendor Advisory~~	() http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/38741 - Exploit, Patch~~	() http://www.securityfocus.com/bid/38741 - Exploit, Patch
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/56898 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/56898 -

Information

Published : 2010-03-23 17:30

Updated : 2024-11-21 01:13

NVD link : CVE-2010-1056

Mitre link : CVE-2010-1056

CVE.ORG link : CVE-2010-1056

JSON object : View

Products Affected

rockettheme

com_rokdownloads

joomla

joomla\!

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

6.8 /10