CVE-2010-0760 – Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-0760
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de salto de directorio en el plugin Core Design Scriptegrator plugin 1.4.1 para Joomla!, permite a atacantes remotos incluir y ejecutar ficheros locales de su elección mediante secuencias de salto de directorio en el parámetro (1) file sobre libraries/jquery/js/ui/jsloader.php y (2) files[] sobre libraries/jquery/js/jsloader.php , vector distinto a CVE-2010-0759. • https://www.exploit-db.com/exploits/11498 http://secunia.com/advisories/38637 http://www.osvdb.org/62484 http://www.osvdb.org/62485 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2010-0759 – Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-0759
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760. Múltiples vulnerabilidades de salto de directorio en plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php en el plugin Core Design Scriptegrator v1.4.1 para Joomla!, permite a atacantes remotos leer, y posiblemente incluir y ejecutar ficheros locales de su elección mediante secuencias de salto de directorio en el parámetro files[], es un vector diferente a CVE-2010-0760. • https://www.exploit-db.com/exploits/11498 http://packetstormsecurity.org/1002-exploits/joomlascriptegrator-lfi.txt http://secunia.com/advisories/38637 http://www.exploit-db.com/exploits/11498 http://www.osvdb.org/62486 http://www.securityfocus.com/bid/38296 https://exchange.xforce.ibmcloud.com/vulnerabilities/56380 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •