Lucene search

[email protected]CVE-2010-2259

HistoryJun 09, 2010 - 8:30 p.m.

CVE-2010-2259

2010-06-0920:30:29

CWE-22

[email protected]

web.nvd.nist.gov

cve

2010

2259

directory traversal

vulnerability

bf survey

joomla

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.8%

JSON

Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the controller parameter to index.php.

Affected configurations

NVD

Node

tamlyncreativecom_bfsurvey_profreeMatch1.2.6

AND

joomlajoomla\!

Node

tamlyncreativecom_bfsurvey_proRange≤1.3.0

AND

joomlajoomla\!

Node

tamlyncreativecom_bfsurvey_basicRange≤1.1

AND

joomlajoomla\!

CPENameOperatorVersion
tamlyncreative:com_bfsurvey_profreetamlyncreative com bfsurvey profreeeq1.2.6

CPE	Name	Operator	Version
tamlyncreative:com_bfsurvey_profree	tamlyncreative com bfsurvey profree	eq	1.2.6

References

osvdb.org/61438

packetstormsecurity.org/1001-exploits/joomlabfsurvey-lfi.txt

secunia.com/advisories/37866

www.exploit-db.com/exploits/10946

www.securityfocus.com/bid/37584

www.tamlyncreative.com.au/software/forum/index.php?topic=641.0

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.8%

JSON

Related for CVE-2010-2259

cvelist1 checkpoint_advisories1 nuclei1 prion1 nvd1