CVE-2010-2035 – Joomla! Component Percha Gallery 1.6 Beta - 'Controller' Traversal Arbitrary File Access
https://notcve.org/view.php?id=CVE-2010-2035
Directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
• https://www.exploit-db.com/exploits/34006 http://packetstormsecurity.org/1005-exploits/joomlaperchagl-lfi.txt http://www.securityfocus.com/bid/40244
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-0694 – Joomla! Component com_perchagallery - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0694
SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php.
• https://www.exploit-db.com/exploits/11024 http://docs.joomla.org/Vulnerable_Extensions_List#New_format_Feed_Starts_Here http://packetstormsecurity.org/1001-exploits/joomlaperchagallery-sql.txt http://www.exploit-db.com/exploits/11024 http://www.securityfocus.com/bid/37642 https://exchange.xforce.ibmcloud.com/vulnerabilities/55447
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')