CVE-2010-1858 – Joomla! Component SMEStorage - Local File Inclusion

https://notcve.org/view.php?id=CVE-2010-1858

Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente de Joolma! SMEStorage v1.1 (com_smestorage), permite a atacantes remotos leer ficheros de su elección mediante secuencias de salto de directorio en el parámetro "controller" sobre index.php. • https://www.exploit-db.com/exploits/11853 http://packetstormsecurity.org/1003-exploits/joomlasmestorage-lfi.txt http://secunia.com/advisories/39071 http://www.exploit-db.com/exploits/11853 http://www.securityfocus.com/bid/38911 https://exchange.xforce.ibmcloud.com/vulnerabilities/57108 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •