Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbDrosophilaEDB-ID:34250
HistoryJul 05, 2010 - 12:00 a.m.

Joomla! Component Canteen 1.0 - Local File Inclusion

2010-07-0500:00:00
Drosophila
www.exploit-db.com
21

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/41358/info

The Miniwork Studio Canteen component for Joomla! is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Attackers can exploit the SQL-injection vulnerability to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute arbitrary local files within the context of the webserver process. Information harvested may aid in further attacks.

Canteen 1.0 is vulnerable; other versions may also be affected.

http://www.example.com/index.php?option=com_canteen&controller=../../../../../etc/passwd%00

Related

cvelist 1
cve 1
prion 1
nvd 1
nuclei 1
nessus 1
cvelist
cvelist
CVE-2010-4977
2011-11-01 22:00:00
cve
cve
CVE-2010-4977
2011-11-01 22:55:04
prion
prion
Sql injection
2011-11-01 22:55:00
nvd
nvd
CVE-2010-4977
2011-11-01 22:55:04
nuclei
nuclei
Joomla! Component Canteen 1.0 - Local File Inclusion
2021-09-27 11:02:48
nessus
nessus
Joomla! / Mambo Component Multiple Parameter Local File Include Vulnerabilities
2010-01-04 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:34250
cvelist1cve1prion1nvd1nuclei1nessus1