Published: 27/02/2010 Updated: 01/03/2010

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote malicious users to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
greatjoomla scriptegrator_plugin 1.4.1

# Exploit Title: Core Design Scriptegrator plugin for Joomla! 15 file inclusion # Author: S2 Crew [Hungary] # Tested on: Debian Linux, Apache, Joomla! 15 # Code: There's a file called jsloaderphp which takes an array of file names from the HTTP GET parameters and calls include() on every one of them -----------------8<-------------------- ...

CWE-22 http://www.osvdb.org/62485 http://secunia.com/advisories/38637 http://www.osvdb.org/62484 https://nvd.nist.gov https://www.exploit-db.com/exploits/11498/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-0760

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect