Lucene search

MitreCVE-2010-1353

HistoryApr 12, 2010 - 6:30 p.m.

CVE-2010-1353

2010-04-1218:30:01

CWE-22

mitre

web.nvd.nist.gov

cve

2010

1353

directory traversal

vulnerability

loginbox pro

joomla

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.018

Percentile

88.0%

JSON

Directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a … (dot dot) in the view parameter to index.php.

Affected configurations

Nvd

Node

wowjoomlacom_loginbox

AND

joomlajoomla\!

VendorProductVersionCPE
wowjoomlacom_loginbox*cpe:2.3:a:wowjoomla:com_loginbox:*:*:*:*:*:*:*:*
joomlajoomla\!*cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wowjoomla	com_loginbox	*	cpe:2.3:a:wowjoomla:com_loginbox::::::::
joomla	joomla\!	*	cpe:2.3:a:joomla:joomla\!::::::::

References

packetstormsecurity.org/1004-exploits/joomlaloginbox-lfi.txt

secunia.com/advisories/39349

www.exploit-db.com/exploits/12068

www.securityfocus.com/bid/39212

www.vupen.com/english/advisories/2010/0808

exchange.xforce.ibmcloud.com/vulnerabilities/57533

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.018

Percentile

88.0%

JSON

Related for CVE-2010-1353