CVE-2010-0696 – Joomla! Component Jw_allVideos - Arbitrary File Download

https://notcve.org/view.php?id=CVE-2010-0696

23 Feb 2010 — Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. Vulnerabilidad de salto de directorio en includes/download.php en el plugin JoomlaWorks AllVideos (Jw_allVideos) desde v3.0 hasta v3.2 para Joomla! permite a atacantes remotos leer ficheros arbitrarios a través de ./../.../ (punto punto modificado) en el parámetro "fi... • https://www.exploit-db.com/exploits/11447 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •