CVE-2010-1878

Description

Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

Affected products

• blueflyingfish.no-ip / com_orgchart1.0.0 – 1.0.0

Exploits & PoCs

• nucleiJoomla! Component OrgChart 1.0.0 - Local File Inclusionby daffainfo

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/58031
• MISChttp://www.securityfocus.com/bid/39606
• EXPLOIThttp://www.exploit-db.com/exploits/12317
• EXPLOIThttp://packetstormsecurity.org/1004-exploits/joomlaorgchart-lfi.txt