Directory Traversal Vulnerability in JE Quotation Form for Joomla!
CVE-2010-2128

Currently unrated

Key Information:

Vendor: Harmistechnology
Status: Com Jequoteform
Vendor: CVE Published:; 1 June 2010

🔔 Create Harmistechnology Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2010-2128?

The JE Quotation Form component for Joomla! is vulnerable to a directory traversal flaw, allowing remote attackers to exploit the view parameter in index.php. By manipulating input with '../' sequences, attackers can access arbitrary files on the server, potentially leading to information leakage and further attacks. Proper validation of input parameters is essential to prevent unauthorized file access.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2010-2128 - Proof of Concept

References

http://secunia.com/advisories/39832

third-party-advisoryx_refsource_SECUNIA

http://www.exploit-db.com/exploits/12607

exploitx_refsource_EXPLOIT-DB

https://exchange.xforce.ibmcloud.com/vulnerabilities/58593

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 1, 2010
👾
Exploit known to exist
Jun 1, 2010
Vulnerability published
Jun 1, 2010
Vulnerability Reserved
Jun 1, 2010

CVE-2010-2128 Data

JSON