CVE-2010-1312

2010-04-0820:30:00

CWE-22

mitre

web.nvd.nist.gov

cve

2010

1312

directory traversal

vulnerability

ijoomla news portal

com_news_portal

joomla

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.011

Percentile

85.0%

JSON

Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a … (dot dot) in the controller parameter to index.php.

Affected configurations

Nvd

Node

ijoomlacom_news_portalMatch1.5.1

ijoomlacom_news_portalMatch1.5.2

ijoomlacom_news_portalMatch1.5.3

ijoomlacom_news_portalMatch1.5.6

ijoomlacom_news_portalMatch1.5.7

AND

joomlajoomla\!

VendorProductVersionCPE
ijoomlacom_news_portal1.5.1cpe:2.3:a:ijoomla:com_news_portal:1.5.1:*:*:*:*:*:*:*
ijoomlacom_news_portal1.5.2cpe:2.3:a:ijoomla:com_news_portal:1.5.2:*:*:*:*:*:*:*
ijoomlacom_news_portal1.5.3cpe:2.3:a:ijoomla:com_news_portal:1.5.3:*:*:*:*:*:*:*
ijoomlacom_news_portal1.5.6cpe:2.3:a:ijoomla:com_news_portal:1.5.6:*:*:*:*:*:*:*
ijoomlacom_news_portal1.5.7cpe:2.3:a:ijoomla:com_news_portal:1.5.7:*:*:*:*:*:*:*
joomlajoomla\!*cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ijoomla	com_news_portal	1.5.1	cpe:2.3:a:ijoomla:com_news_portal:1.5.1:::::::*
ijoomla	com_news_portal	1.5.2	cpe:2.3:a:ijoomla:com_news_portal:1.5.2:::::::*
ijoomla	com_news_portal	1.5.3	cpe:2.3:a:ijoomla:com_news_portal:1.5.3:::::::*
ijoomla	com_news_portal	1.5.6	cpe:2.3:a:ijoomla:com_news_portal:1.5.6:::::::*
ijoomla	com_news_portal	1.5.7	cpe:2.3:a:ijoomla:com_news_portal:1.5.7:::::::*
joomla	joomla\!	*	cpe:2.3:a:joomla:joomla\!::::::::