PT-2010-5388 · Joomla · Nbill
Published 2010-11-16 · Updated 2010-11-17 · CVE-2010-4270
CVSS v2.0 score 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
nBill (com_netinvoice) versions prior to 2.0.9 Standard Edition
nBill (com_netinvoice) versions prior to 2.0.10 Lite Edition
nBill (com_netinvoice) version 1.2_10 for Joomla
Description
The issue allows unauthenticated remote attackers to read arbitrary files from the web server's filesystem (with the permissions of the web server process) via directory traversal sequences in unspecified vectors related to the component's entry points, such as "administrator/components/com_nbill/admin.nbill.php", "components/com_nbill/nbill.php", "administrator/components/com_netinvoice/admin.netinvoice.php", or "components/com_netinvoice/netinvoice.php". The CVSS vector reflects this: network-reachable, low complexity, no authentication, partial loss of confidentiality only. This has been exploited in the wild.
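Because the advisory says the bug was exploited in the wild, the first thing a practitioner wants is a way to check existing web-server access logs for attempts against the four entry points named above. The script below is an added example written for this page; it is not code from nBill or from the advisory's author. It normalises the request target (bounded repeated percent-decoding, so single- and double-encoded "../" and backslash variants all collapse to the same form), flags only requests that both hit one of the listed endpoints and carry a traversal indicator, and reports the HTTP status so that a 200 on such a request can be triaged as a probable successful read. The log lines are constructed for the example, and the query-parameter names used in them (file, f) are assumptions, since the advisory leaves the exact vectors unspecified.

```python
"""Scan "combined"-format web-server access logs for directory-traversal
attempts against the nBill / netinvoice entry points named in CVE-2010-4270.

Added example for this advisory; not code from nBill or the advisory's author.
Sample log lines are constructed; the parameter names in them are assumptions.
"""
import re
from urllib.parse import unquote

# Entry points listed in the advisory, matched as path suffixes so that a
# Joomla install under a sub-directory (e.g. /joomla/...) is still covered.
AFFECTED_ENDPOINTS = (
    "/administrator/components/com_nbill/admin.nbill.php",
    "/components/com_nbill/nbill.php",
    "/administrator/components/com_netinvoice/admin.netinvoice.php",
    "/components/com_netinvoice/netinvoice.php",
)

# Apache/nginx "combined" format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

MAX_DECODE_ROUNDS = 3  # collapses %252e (double encoding) without looping forever


def normalize(target: str) -> str:
    """Percent-decode repeatedly (bounded) and fold backslashes to '/', so that
    ../, ..%2f, %2e%2e/, %252e%252e%252f and ..\\ all become the literal '../'."""
    s = target
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s.replace("\\", "/")


def traversal_indicators(decoded: str) -> list:
    """Return the reasons a normalised request target looks like a traversal attempt."""
    hits = []
    if "../" in decoded or decoded.endswith("/.."):
        hits.append("dot-dot-slash")
    if "\x00" in decoded:
        # A NUL byte after the file name is the classic way to cut off a suffix
        # the application appends (e.g. ".php" or ".html") before opening the file.
        hits.append("null-byte")
    return hits


def scan_access_log(log_text: str) -> list:
    """Report requests that hit an affected endpoint AND carry a traversal
    indicator. Traversal noise against unrelated URLs (generic scanner traffic)
    is deliberately left out so the result is specific to this advisory."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined format; skip rather than guess
        target = m.group("target")
        decoded = normalize(target)
        path = decoded.split("?", 1)[0].lower()
        endpoint = next((ep for ep in AFFECTED_ENDPOINTS if path.endswith(ep)), None)
        if endpoint is None:
            continue
        indicators = traversal_indicators(decoded)
        if not indicators:
            continue
        findings.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "status": int(m.group("status")),   # 200 here is a probable successful read
            "endpoint": endpoint,
            "target": target,                   # as logged, kept as evidence
            "indicators": indicators,
        })
    return findings


# Constructed sample log (RFC 5737 documentation addresses); parameter names are assumed.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Nov/2010:10:01:12 +0000] "GET /index.php?option=com_nbill&view=invoice HTTP/1.1" 200 5120
203.0.113.9 - - [16/Nov/2010:10:02:44 +0000] "GET /components/com_nbill/nbill.php?file=../../../../etc/passwd HTTP/1.1" 200 1827
203.0.113.9 - - [16/Nov/2010:10:02:51 +0000] "GET /components/com_netinvoice/netinvoice.php?file=..%2F..%2F..%2Fconfiguration.php%00 HTTP/1.1" 200 3310
203.0.113.9 - - [16/Nov/2010:10:03:07 +0000] "GET /administrator/components/com_nbill/admin.nbill.php?f=%252e%252e%252f%252e%252e%252fconfiguration.php HTTP/1.1" 200 3310
198.51.100.2 - - [16/Nov/2010:10:05:00 +0000] "GET /images/logo.png?x=../../etc/passwd HTTP/1.1" 404 210
203.0.113.5 - - [16/Nov/2010:10:06:30 +0000] "POST /administrator/components/com_netinvoice/admin.netinvoice.php HTTP/1.1" 200 880
"""

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['status']} {f['endpoint']} {f['indicators']} {f['target']}")
```

On the constructed sample, the three requests from 203.0.113.9 are reported (plain, single-encoded with a trailing NUL, and double-encoded), while the traversal against /images/logo.png and the clean POST to the admin entry point are not. A reported request that returned 200 with a plausible body size for the targeted file should be treated as a likely successful disclosure; configuration.php in particular contains the Joomla database credentials, so credential rotation belongs in the response.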
Recommendations
For nBill (com_netinvoice) versions prior to 2.0.9 Standard Edition, update to version 2.0.9 or later.
For nBill (com_netinvoice) versions prior to 2.0.10 Lite Edition, update to version 2.0.10 or later.
For nBill (com_netinvoice) version 1.2_10 for Joomla, update to a version later than 1.2_10.
As a temporary workaround until the update can be applied, restrict access to the affected entry points (for example at the web server, by source address or authentication). Note that the administrator/ paths can usually be restricted without affecting visitors, whereas the components/ entry points serve the public front end, so restricting them may break billing pages for end users. Since the issue has been exploited in the wild, also review access logs for traversal sequences against these paths before assuming the site is clean.
Fix
Update nBill to 2.0.9 (Standard Edition) or 2.0.10 (Lite Edition); for the 1.2_10 Joomla release, move to a later release.
Weakness Enumeration
Path traversal
Related Identifiers
CVE-2010-4270
Affected Products
Nbill