Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2010-5280
Last Modified 27 Nov 2012 12:00:00
Published 26 Nov 2012 06:55:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2010-5280

Summary

Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature.

Vulnerable Systems

Application

  • Joomla-cbe Com Cbe 1.4.10

  • Joomla-cbe Com Cbe 1.4.8

  • Joomla-cbe Com Cbe 1.4.9


References

XF - joomla-cbe-file-upload(62376)

XF - joomla-cbe-index-file-include(62375)

BID - 43873

BUGTRAQ - 20101008 LFI / RCE vlunerability in Joomla Community Builder Enhenced (CBE) Component

EXPLOIT-DB - 15222

SECUNIA - 41741

MISC - http://packetstormsecurity.org/1010-exploits/joomlacbe-lfi.txt


Last Updated: 27 May 2016 10:49:51