Remote File Inclusion Vulnerability in Joomla! SEF404x Component
CVE-2010-2681

Currently unrated

Key Information:

Vendor: Joomla
Status: Com Sef
Vendor: CVE Published:; 12 July 2010

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2010-2681?

The Joomla! SEF404x (com_sef) component is susceptible to a PHP remote file inclusion vulnerability. Attackers can exploit this weakness by manipulating the mosConfig.absolute.path parameter in the index.php file, enabling them to execute arbitrary PHP code remotely. This flaw highlights the critical need for robust security practices in web applications to protect against unauthorized code execution.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2010-2681 - Proof of Concept

References

http://www.exploit-db.com/exploits/14055

exploitx_refsource_EXPLOIT-DB

http://www.vupen.com/english/advisories/2010/1619

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/41166

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
🟡
Public PoC available
Jul 12, 2010
👾
Exploit known to exist
Jul 12, 2010
Vulnerability published
Jul 12, 2010

CVE-2010-2681 Data

JSON