CVE-2010-3028

The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.

CVSS v2.0 3.6 LOW

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/40882	Vendor Advisory
http://sourceforge.net/projects/aardvertiser/forums/forum/989030/topic/3788365
http://www.osvdb.org/66924
http://www.securityfocus.com/bid/42239
https://exchange.xforce.ibmcloud.com/vulnerabilities/60927
http://secunia.com/advisories/40882	Vendor Advisory
http://sourceforge.net/projects/aardvertiser/forums/forum/989030/topic/3788365
http://www.osvdb.org/66924
http://www.securityfocus.com/bid/42239
https://exchange.xforce.ibmcloud.com/vulnerabilities/60927

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:simon_philips:aardvertiser:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:17

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/40882 - Vendor Advisory~~	() http://secunia.com/advisories/40882 - Vendor Advisory
References	~~() http://sourceforge.net/projects/aardvertiser/forums/forum/989030/topic/3788365 -~~	() http://sourceforge.net/projects/aardvertiser/forums/forum/989030/topic/3788365 -
References	~~() http://www.osvdb.org/66924 -~~	() http://www.osvdb.org/66924 -
References	~~() http://www.securityfocus.com/bid/42239 -~~	() http://www.securityfocus.com/bid/42239 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/60927 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/60927 -

Information

Published : 2010-08-16 20:00

Updated : 2024-11-21 01:17

NVD link : CVE-2010-3028

Mitre link : CVE-2010-3028

CVE.ORG link : CVE-2010-3028

JSON object : View

Products Affected

joomla

joomla

simon_philips

aardvertiser

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2010-3028", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-08-16T20:00:03.857", "references": [{"url": "http://secunia.com/advisories/40882", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/projects/aardvertiser/forums/forum/989030/topic/3788365", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/66924", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/42239", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60927", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/40882", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sourceforge.net/projects/aardvertiser/forums/forum/989030/topic/3788365", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/66924", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/42239", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60927", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files."}, {"lang": "es", "value": "El componente Aardvertiser en versiones anteriores a la v2.2.1 de Joomla! utiliza permisos inseguros (777) en carpetas sin especificar, lo que permite a usuarios locales modificar, crear o borrar determinados ficheros."}], "lastModified": "2024-11-21T01:17:54.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:simon_philips:aardvertiser:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70D54BA9-F25F-4890-8DED-742EDB4AAEC3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E45D1087-8182-43A1-81BD-B0D5A535EC98"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}