CVE-2010-0985

Description

Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.

Affected products

• chris_simon / com_abbrev1.1 – 1.1

Exploits & PoCs

• nucleiJoomla! Component com_abbrev - Local File Inclusionby daffainfo

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/37834
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/55348
• MISChttp://osvdb.org/61458
• EXPLOIThttp://www.exploit-db.com/exploits/10948
• MISChttp://www.securityfocus.com/bid/37560