CVSS: 5.0EPSS: 44%CPEs: 4EXPL: 3CVE-2010-0696 – Joomla! Component Jw_allVideos - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2010-0696
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. Vulnerabilidad de salto de directorio en includes/download.php en el plugin JoomlaWorks AllVideos (Jw_allVideos) desde v3.0 hasta v3.2 para Joomla! permite a atacantes remotos leer ficheros arbitrarios a través de ./../.../ (punto punto modificado) en el parámetro "file". • https://www.exploit-db.com/exploits/11447 http://osvdb.org/62331 http://secunia.com/advisories/38587 http://www.exploit-db.com/exploits/11447 http://www.joomlaworks.gr/content/view/77/34 http://www.securityfocus.com/bid/38238 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •