Directory Traversal Vulnerability in Linker IMG Plugin by Linker
CVE-2010-2456

Currently unrated

Key Information:

Vendor

Codelib

Status
Linker Img
Vendor
CVE Published:
25 June 2010

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2010-2456?

Multiple directory traversal vulnerabilities exist in the index.php file of Linker IMG version 1.0 and earlier. These vulnerabilities can be exploited by remote attackers to read and execute arbitrary local files by manipulating the cook_lan cookie parameter or the Sdb_type parameter. The issue arose from an inadequate validation of user inputs, facilitating unauthorized access to sensitive files residing on the server. Awareness of these vulnerabilities is critical to maintaining the security of applications utilizing this plugin.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2010-2456 - Proof of Concept

CVE-2010-2456 - Proof of Concept

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/59614
vdb-entryx_refsource_XF
http://packetstormsecurity.org/1006-exploits/linkerimg-rf...
x_refsource_MISC
http://www.attrition.org/pipermail/vim/2010-June/002354.html
mailing-listx_refsource_VIM

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.