CVSS: 5.0 • EPSS: 1% • CPEs: 11 • EXPL: 2

Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

• https://www.exploit-db.com/exploits/36598
• http://foobla.com/news/latest/obsuggest-1.8-security-release.html
• http://secunia.com/advisories/46844
• http://www.securityfocus.com/bid/48944
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.8 • EPSS: 3% • CPEs: 2 • EXPL: 4

Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.

• https://www.exploit-db.com/exploits/12120
• http://packetstormsecurity.org/1004-exploits/joomlafoobla-lfi.txt
• http://www.exploit-db.com/exploits/12120
• http://www.securityfocus.com/bid/39341
• http://www.vupen.com/english/advisories/2010/1844
• https://exchange.xforce.ibmcloud.com/vulnerabilities/57660
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 3

SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php.

• https://www.exploit-db.com/exploits/9697
• http://www.exploit-db.com/exploits/9697
• http://www.securityfocus.com/bid/36425
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')