CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 4CVE-2009-4679 – Joomla! Component com_if_nexus - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-4679
08 Mar 2010 — Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente para Joomla! inertialFATE iF Portfolio Nexus (com_if_nexus), permite a atacantes remotos incluir y ejecutar ficheros locales de su elección al utilizar caracteres .. • https://www.exploit-db.com/exploits/10754 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4057 – Joomla! Extension iF Portfolio Nexus - SQL Injection
https://notcve.org/view.php?id=CVE-2009-4057
24 Nov 2009 — SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to index.php. Una vulnerabilidad de inyección SQL en el componente de Joomla! inertialFATE iF Portfolio Nexus (com_if_nexus) 1.1 permite a atacantes remotos ejecutar comandos SQL a través del parámetro id en una acción de elemento a index.php. • https://www.exploit-db.com/exploits/10177 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •