PT-2010-3654 · Open Source Matters+1 · Joomla!+1
Published
2010-05-25
·
Updated
2010-05-26
·
CVE-2010-2035
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Joomla! Percha Gallery component version 1.6 Beta
Description
The issue allows remote attackers to read arbitrary files and possibly have other impacts by exploiting a directory traversal vulnerability in the Percha Gallery component for Joomla!. This is achieved by using a .. (dot dot) in the
controller parameter to index.php.Recommendations
For Joomla! Percha Gallery component version 1.6 Beta, consider restricting access to the
index.php endpoint until a patch is available. As a temporary workaround, avoid using the controller parameter in the index.php endpoint to minimize the risk of exploitation.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Joomla!
Perchagallery