CVE-2009-4679

NUCLEI

Joomla! com_if_nexus 1.5 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-4679. PoCs published by F10riX, FL0RiX. A Nuclei detection template is also available.

AI-analyzed exploit summary The provided code is a writeup describing a local file inclusion (LFI) vulnerability in the iF Portfolio Nexus component for Joomla!. It includes an example URI demonstrating the vulnerability but lacks executable exploit code.

Description

Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by F10riX · textwebappsphp

https://www.exploit-db.com/exploits/33440

View Code ZIP pw:eip

The provided code is a writeup describing a local file inclusion (LFI) vulnerability in the iF Portfolio Nexus component for Joomla!. It includes an example URI demonstrating the vulnerability but lacks executable exploit code.

Classification

Writeup 80%

Attack Type

Lfi

Complexity

Trivial

Reliability

Theoretical

Target: iF Portfolio Nexus (com_if_nexus) component for Joomla!

No auth needed

Prerequisites: Access to the vulnerable Joomla! component

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by FL0RiX · textwebappsmultiple

https://www.exploit-db.com/exploits/10754

View Code ZIP pw:eip

This is a writeup describing a Local File Inclusion (LFI) vulnerability in the Joomla component com_if_nexus. The vulnerability allows an attacker to include local files via the 'controller' parameter in the URL.

Classification

Writeup 90%

Attack Type

Lfi

Complexity

Trivial

Reliability

Theoretical

Target: Joomla with com_if_nexus component

No auth needed

Prerequisites: Joomla installation with vulnerable com_if_nexus component

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Joomla! Portfolio Nexus - Remote File Inclusion

HIGHby daffainfo

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/37473

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/10754

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37760

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/61382

Scores

EPSS 0.0632

EPSS Percentile 91.2%

Details

CWE

CWE-22

Status published

Products (1)

inertialfate/com_if_nexus 1.5

Published Mar 08, 2010

Tracked Since Feb 18, 2026