CVE-2010-1956

2010-05-19 14:07:52 2017-08-17 03:32:33

Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Thefactory Com gadgetfactory 1.5.0 (not an official CPE) Thefactory Com gadgetfactory 1.0.0 (not an official CPE)

Thefactory - Com gadgetfactory

Advisory	Patch	Confirmed	Link
			ADV-2010-0930
			comgadgetfactory-controller-file-include(57895)
			http://www.thefactory.ro/all-thefactory-products/gadget-...
			39547
			12285
			http://packetstormsecurity.org/1004-exploits/joomlagadge...

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)

Related CAPEC 7 Relative Path Traversal (CAPEC-ID 139) Directory Traversal (CAPEC-ID 213) File System Function Injection, Content Based (CAPEC-ID 23) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) Manipulating Input to File System Calls (CAPEC-ID 76) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79)