Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-0760

Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published

2010-02-27T00:30:00.930

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	greatjoomla	scriptegrator_plugin	1.4.1	Yes
Application	joomla	joomla\!	*	No

References

http://secunia.com/advisories/38637 Vendor Advisory ([email protected])
http://www.osvdb.org/62484 ([email protected])
http://www.osvdb.org/62485 ([email protected])
http://secunia.com/advisories/38637 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/62484 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/62485 (af854a3a-2127-422b-91ae-364da2661108)