ID CVE-2010-2036 Type cve Reporter NVD Modified 2010-05-26T09:44:36
Description
Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
{"viewCount": 0, "lastseen": "2016-09-03T13:57:23", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "type": "cve", "description": "Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.", "assessment": {"name": "", "system": "", "href": ""}, "reporter": "NVD", "published": "2010-05-25T10:30:01", "history": [], "title": "CVE-2010-2036", "cpe": ["cpe:/a:percha:com_perchafieldsattach:1.0"], "bulletinFamily": "NVD", "edition": 1, "scanner": [], "id": "CVE-2010-2036", "cvelist": ["CVE-2010-2036"], "hash": "674398957bbefdb99b34bbf193cae3a5d67c1096229410aaf0a84546b8085980", "modified": "2010-05-26T09:44:36", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2036", "objectVersion": "1.2", "references": ["http://packetstormsecurity.org/1005-exploits/joomlaperchafa-lfi.txt", "http://www.securityfocus.com/bid/40244"], "enchantments": {"vulnersScore": 3.3}}
{"result": {"exploitdb": [{"id": "EDB-ID:34004", "type": "exploitdb", "title": "Percha Fields Attach 1.0 Component for Joomla! index.php controller Parameter Traversal Arbitrary File Access", "description": "Percha Fields Attach 1.0 Component for Joomla! index.php controller Parameter Traversal Arbitrary File Access. CVE-2010-2036 . Webapps exploit for php platform", "published": "2010-05-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/34004/", "cvelist": ["CVE-2010-2036"], "lastseen": "2016-02-03T20:18:04"}], "nessus": [{"id": "JOOMLA_COMPONENTS_CONTROLLER_LFI.NASL", "type": "nessus", "title": "Joomla! / Mambo Component Multiple Parameter Local File Include Vulnerabilities", "description": "The remote host contains a component for Joomla! or Mambo that fails to sanitize user-supplied input to multiple parameters in a GET request before using it to include PHP code. Regardless of the PHP 'register_globals' setting, an unauthenticated, remote attacker can exploit this issue to disclose arbitrary files or possibly execute arbitrary PHP code on the remote host, subject to the privileges of the web server user ID.", "published": "2010-01-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=43636", "cvelist": ["CVE-2010-1345", "CVE-2010-1875", "CVE-2010-1352", "CVE-2010-1981", "CVE-2010-2507", "CVE-2010-0972", "CVE-2010-0944", "CVE-2010-1308", "CVE-2010-1653", "CVE-2010-1723", "CVE-2010-0157", "CVE-2010-1602", "CVE-2010-1878", "CVE-2010-2034", "CVE-2010-1534", "CVE-2011-4804", "CVE-2010-1658", "CVE-2010-1056", "CVE-2010-1478", "CVE-2010-1718", "CVE-2010-2036", "CVE-2010-1475", "CVE-2010-1494", "CVE-2010-1340", "CVE-2010-1607", "CVE-2010-1470", "CVE-2010-1471", "CVE-2010-2050", "CVE-2010-1472", "CVE-2010-1473", "CVE-2010-1491", "CVE-2010-0467", "CVE-2010-1304", "CVE-2010-1314", "CVE-2010-1715", "CVE-2010-2033", "CVE-2010-1474", "CVE-2010-1081", "CVE-2010-2122", "CVE-2010-3426", "CVE-2010-1305", "CVE-2010-1469", "CVE-2010-1354", "CVE-2010-1954", "CVE-2010-1717", "CVE-2010-2035", "CVE-2010-1306", "CVE-2010-1952", "CVE-2010-1956", "CVE-2010-1858", "CVE-2010-1722", "CVE-2010-0676", "CVE-2010-1719", "CVE-2010-1312", "CVE-2010-1979", "CVE-2010-4977", "CVE-2010-1953", "CVE-2010-1980", "CVE-2010-2037", "CVE-2010-1714"], "lastseen": "2017-10-29T13:37:39"}]}}