Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.
2010-04-08T16:30:00.877
2025-04-11T00:51:21.963
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | roberto_aloi | com_joomlapicasa2 | 2.0.0 | Yes |
| Application | roberto_aloi | com_joomlapicasa2 | 2.0.1 | Yes |
| Application | roberto_aloi | com_joomlapicasa2 | 2.0.2 | Yes |
| Application | roberto_aloi | com_joomlapicasa2 | 2.0.3 | Yes |
| Application | roberto_aloi | com_joomlapicasa2 | 2.0.4 | Yes |
| Application | roberto_aloi | com_joomlapicasa2 | 2.0.5 | Yes |
| Application | joomla | joomla\! | * | No |