CVE-2010-2045 – Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion

https://notcve.org/view.php?id=CVE-2010-2045

Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Dione Form Wizard (aka FDione or com_dioneformwizard) v1.0.2 de Joomla! permite a atacantes remotos leer ficheros de su elección mediante secuencias de salto de directorio en el parámetro "controller" sobre index.php. • https://www.exploit-db.com/exploits/12595 http://osvdb.org/64633 http://packetstormsecurity.org/1005-exploits/joomlafdione-lfi.txt http://secunia.com/advisories/39755 http://www.exploit-db.com/exploits/12595 http://www.securityfocus.com/bid/40166 https://exchange.xforce.ibmcloud.com/vulnerabilities/58574 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •