CVE-2010-0696
NONE EPSS 97.9%
Published Feb 23, 201016y ago · Modified Jun 16, 20262w ago
Published Feb 23, 2010 16y ago
Last Modified Jun 16, 2026 2w ago
Description
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
Threat Intelligence
EPSS Exploit Probability
97.9% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
Affected Products 4
| Vendor | Product | Version | Range |
|---|---|---|---|
| joomlaworks | jw_allvideos | 3.0 | any |
| joomlaworks | jw_allvideos | 3.1 | any |
| joomlaworks | jw_allvideos | 3.2 | any |
| joomla | joomla | * | any |
References 5
- osvdb.org http://osvdb.org/62331
- secunia.com http://secunia.com/advisories/38587
- exploit-db.com http://www.exploit-db.com/exploits/11447
- joomlaworks.gr http://www.joomlaworks.gr/content/view/77/34/
- securityfocus.com http://www.securityfocus.com/bid/38238
Remediation
- joomlaworks.gr http://www.joomlaworks.gr/content/view/77/34/