CVE-2010-4719 – Joomla! Component JRadio - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-4719
Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
• https://www.exploit-db.com/exploits/15749
• http://packetstormsecurity.org/files/view/96751/joomlajradio-lfi.txt
• http://secunia.com/advisories/42600
• http://www.exploit-db.com/exploits/15749
• http://www.fxwebdesign.nl/index.php?option=com_content&view=article&id=20&Itemid=56
• http://www.securityfocus.com/bid/45440
• https://exchange.xforce.ibmcloud.com/vulnerabilities/64143
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-4702
https://notcve.org/view.php?id=CVE-2010-4702
SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
• http://secunia.com/advisories/42600
• http://www.fxwebdesign.nl/index.php?option=com_content&view=article&id=20&Itemid=56
• http://www.securityfocus.com/bid/46040
• https://exchange.xforce.ibmcloud.com/vulnerabilities/64862
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')