Lucene search

[email protected]CVE-2010-0944

HistoryMar 08, 2010 - 3:30 p.m.

CVE-2010-0944

2010-03-0815:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2010-0944

directory traversal

jcollection

joomla

remote attackers

arbitrary files

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.9%

JSON

Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a … (dot dot) in the controller parameter to index.php.

Affected configurations

NVD

Node

thorsten_riesscom_jcollection

AND

joomlajoomla\!

CPENameOperatorVersion
thorsten_riess:com_jcollectionthorsten riess com jcollectioneq*

CPE	Name	Operator	Version
thorsten_riess:com_jcollection	thorsten riess com jcollection	eq	*

References

packetstormsecurity.org/1001-exploits/joomlajcollection-traversal.txt

www.exploit-db.com/exploits/11088

www.securityfocus.com/bid/37691

exchange.xforce.ibmcloud.com/vulnerabilities/55514

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for CVE-2010-0944

cvelist1 nuclei1 prion1 nvd1 nessus1