CVE-2010-2920 – Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2920
Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
• https://www.exploit-db.com/exploits/12120 http://packetstormsecurity.org/1004-exploits/joomlafoobla-lfi.txt http://www.exploit-db.com/exploits/12120 http://www.securityfocus.com/bid/39341 http://www.vupen.com/english/advisories/2010/1844 https://exchange.xforce.ibmcloud.com/vulnerabilities/57660
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2009-3669 – Joomla! Component com_foobla_suggestions (idea_id) 1.5.11 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3669
SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php.
• https://www.exploit-db.com/exploits/9697 http://www.exploit-db.com/exploits/9697 http://www.securityfocus.com/bid/36425
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')