Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
joomla-cbe com_cbe 1.4.9 |
||
joomla-cbe com_cbe 1.4.10 |
||
joomla-cbe com_cbe 1.4.8 |