Lucene search

[email protected]CVE-2010-1956

HistoryMay 19, 2010 - 12:07 p.m.

CVE-2010-1956

2010-05-1912:07:52

CWE-22

[email protected]

web.nvd.nist.gov

cve-2010-1956

gadget factory

joomla

directory traversal

vulnerability

remote attackers

arbitrary files

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

5.7 Medium

AI Score

Confidence

High

0.061 Low

EPSS

Percentile

93.5%

JSON

Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a … (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

thefactorycom_gadgetfactoryMatch1.0.0

thefactorycom_gadgetfactoryMatch1.5.0

AND

joomlajoomla\!

CPENameOperatorVersion
thefactory:com_gadgetfactorythefactory com gadgetfactoryeq1.0.0
thefactory:com_gadgetfactorythefactory com gadgetfactoryeq1.5.0

CPE	Name	Operator	Version
thefactory:com_gadgetfactory	thefactory com gadgetfactory	eq	1.0.0
thefactory:com_gadgetfactory	thefactory com gadgetfactory	eq	1.5.0

References

osvdb.org/63917

packetstormsecurity.org/1004-exploits/joomlagadgetfactory-lfi.txt

secunia.com/advisories/39522

www.exploit-db.com/exploits/12285

www.securityfocus.com/bid/39547

www.thefactory.ro/all-thefactory-products/gadget-factory-for-joomla-1.5.x/detailed-product-flyer.html

www.vupen.com/english/advisories/2010/0930

exchange.xforce.ibmcloud.com/vulnerabilities/57895

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

5.7 Medium

AI Score

Confidence

High

0.061 Low

EPSS

Percentile

93.5%

JSON

Related for CVE-2010-1956

nvd1 nuclei1 prion1 cvelist1 nessus1