CVE-2010-2259

2010-06-0920:30:29

CWE-22

mitre

web.nvd.nist.gov

cve

2010

2259

directory traversal

vulnerability

bf survey

joomla

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.017

Percentile

87.7%

JSON

Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the controller parameter to index.php.

Affected configurations

Nvd

Node

tamlyncreativecom_bfsurvey_profreeMatch1.2.6

AND

joomlajoomla\!

Node

tamlyncreativecom_bfsurvey_proRange≤1.3.0

AND

joomlajoomla\!

Node

tamlyncreativecom_bfsurvey_basicRange≤1.1

AND

joomlajoomla\!

VendorProductVersionCPE
tamlyncreativecom_bfsurvey_profree1.2.6cpe:2.3:a:tamlyncreative:com_bfsurvey_profree:1.2.6:*:*:*:*:*:*:*
joomlajoomla\!*cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
tamlyncreativecom_bfsurvey_pro*cpe:2.3:a:tamlyncreative:com_bfsurvey_pro:*:*:*:*:*:*:*:*
tamlyncreativecom_bfsurvey_basic*cpe:2.3:a:tamlyncreative:com_bfsurvey_basic:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tamlyncreative	com_bfsurvey_profree	1.2.6	cpe:2.3:a:tamlyncreative:com_bfsurvey_profree:1.2.6:::::::*
joomla	joomla\!	*	cpe:2.3:a:joomla:joomla\!::::::::
tamlyncreative	com_bfsurvey_pro	*	cpe:2.3:a:tamlyncreative:com_bfsurvey_pro::::::::
tamlyncreative	com_bfsurvey_basic	*	cpe:2.3:a:tamlyncreative:com_bfsurvey_basic::::::::