CVE-2009-3053

NUCLEI

jvitals com_agora 3.0.0b - Path Traversal via Action Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3053. PoCs published by ByALBAYX. A Nuclei detection template is also available.

AI-analyzed exploit summary This is a writeup describing a Local File Inclusion (LFI) vulnerability in the Joomla Component Com_Agora. It provides vulnerable URLs and dorks for finding affected sites but does not include functional exploit code.

Description

Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by ByALBAYX · textwebappsphp
https://www.exploit-db.com/exploits/9564

This is a writeup describing a Local File Inclusion (LFI) vulnerability in the Joomla Component Com_Agora. It provides vulnerable URLs and dorks for finding affected sites but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: Joomla Component Com_Agora 3.0.0b
No auth needed
Prerequisites: A vulnerable Joomla installation with Com_Agora component
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Joomla! Agora 3.0.0b - Local File Inclusion
MEDIUMby daffainfo

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9564
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36207
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52964

Scores

EPSS 0.0156
EPSS Percentile 81.9%

Details

CWE
CWE-22
Status published
Products (1)
jvitals/com_agora 3.0.0b
Published Sep 03, 2009
Tracked Since Feb 18, 2026