PT-2010-2802 · Open Source Matters+1 · Joomla!+1
Published
2010-03-23
·
Updated
2010-03-24
·
CVE-2010-1081
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Joomla! Community Polls (com communitypolls) version 1.5.2 and possibly earlier
Description
The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the Community Polls component for Core Joomla!. This is achieved by using a .. (dot dot) in the
controller parameter to index.php.Recommendations
For version 1.5.2 and possibly earlier, consider restricting access to the
index.php endpoint until a patch is available. As a temporary workaround, avoid using the controller parameter in the index.php endpoint to minimize the risk of exploitation.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Community Polls
Joomla!