CVE-2010-1217 – Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion

https://notcve.org/view.php?id=CVE-2010-1217

Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. Vulnerabilidad de salto de directorio en el componente JE Form Creator (com_jeformcr) para Joomla!, cuando magic_quotes_gpc está desactivado, permite a atacantes remotos leer archivos de su elección a través de una secuencia de salto de directorio en el parámetro view en index.php. • https://www.exploit-db.com/exploits/11814 http://osvdb.org/63120 http://secunia.com/advisories/39063 http://www.exploit-db.com/exploits/11814 http://www.packetstormsecurity.org/1003-exploits/joomlajetooltip-lfi.txt http://www.securityfocus.com/bid/38866 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •