2 matches found
CVE-2010-1345
This CVE-2010-1345 describes a Local File Inclusion in Joomla! CKForms (com_ckforms) 1.3.3 where an attacker can read arbitrary files via a .. sequence in the controller parameter of index.php. The issue is triggered by directory traversal in the CKForms controller, enabling access to sensitive f...
CVE-2010-1344
CVE-2010-1344 describes an SQL injection in the Joomla! CKForms (com_ckforms) component for version 1.3.3, enabling remote attackers to execute arbitrary SQL commands via the fid parameter in the detail action to index.php. Affected product: CKForms for Joomla!; vulnerability root cause: unsafe h...