CVE-2010-2920 – Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion

https://notcve.org/view.php?id=CVE-2010-2920

Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Foobla Suggestions (com_foobla_suggestions) v1.5.1.2 de Joomla! permite a atacantes remotos leer archivos de su elección a través de secuencias de salto de directorio en el parámetro "controller" de index.php. • https://www.exploit-db.com/exploits/12120 http://packetstormsecurity.org/1004-exploits/joomlafoobla-lfi.txt http://www.exploit-db.com/exploits/12120 http://www.securityfocus.com/bid/39341 http://www.vupen.com/english/advisories/2010/1844 https://exchange.xforce.ibmcloud.com/vulnerabilities/57660 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •