Lucene search

MitreCVE-2010-2045

HistoryMay 25, 2010 - 6:30 p.m.

CVE-2010-2045

2010-05-2518:30:01

CWE-22

mitre

web.nvd.nist.gov

cve-2010-2045

directory traversal

dione form wizard

joomla!

remote file read

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.017

Percentile

87.7%

JSON

Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.

Affected configurations

Nvd

Node

dionesoftcom_dioneformwizardMatch1.0.2

AND

joomlajoomla\!

VendorProductVersionCPE
dionesoftcom_dioneformwizard1.0.2cpe:2.3:a:dionesoft:com_dioneformwizard:1.0.2:*:*:*:*:*:*:*
joomlajoomla\!*cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dionesoft	com_dioneformwizard	1.0.2	cpe:2.3:a:dionesoft:com_dioneformwizard:1.0.2:::::::*
joomla	joomla\!	*	cpe:2.3:a:joomla:joomla\!::::::::

References

osvdb.org/64633

packetstormsecurity.org/1005-exploits/joomlafdione-lfi.txt

secunia.com/advisories/39755

www.exploit-db.com/exploits/12595

www.securityfocus.com/bid/40166

exchange.xforce.ibmcloud.com/vulnerabilities/58574

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.017

Percentile

87.7%

JSON

Related for CVE-2010-2045