daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2010/CVE-2010-1217.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-02-13 13:59:50 -05:00
parent dad3e7fdb0
commit b0279dec53
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves/2010/CVE-2010-1217.yaml
View File

@ -3,7 +3,7 @@ info:
name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
author: daffainfo
severity: high
description: Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
description: A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
remediation: Apply all relevant security patches and product upgrades.
reference:
- https://www.exploit-db.com/exploits/11814