CVE-2010-2680

Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt	Exploit
http://www.exploit-db.com/exploits/14064	Exploit
http://www.securityfocus.com/bid/41163	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/59796

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:harmistechnology:com_jesectionfinder:*:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-07-12 13:27

Updated : 2024-02-28 11:41

NVD link : CVE-2010-2680

Mitre link : CVE-2010-2680

CVE.ORG link : CVE-2010-2680

JSON object : View

Products Affected

joomla

joomla\!

harmistechnology

com_jesectionfinder

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2010-2680", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-07-12T13:27:27.923", "references": [{"url": "http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/14064", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/41163", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59796", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio de en el componente para Joomla! JExtensions JE Section/Property Finder (jesectionfinder) permite a atacantes remotos incluir y ejecutar archivos locales a trav\u00e9s de secuencias de salto de directorio en el par\u00e1metro view a index.php."}], "lastModified": "2017-08-17T01:32:47.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:harmistechnology:com_jesectionfinder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B54A8F68-0C12-4B97-AE2B-32DC3131A893"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}