CVE-2010-0696

NUCLEI

JoomlaWorks AllVideos <3.2 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.

Exploits (1)

exploitdb WRITEUP

by Pouya Daneshmand · textwebappsphp

https://www.exploit-db.com/exploits/11447

View Code ZIP pw:eip

Nuclei Templates (1)

Joomla! Component Jw_allVideos - Arbitrary File Retrieval

MEDIUMby daffainfo

References (5)

[Vendor Advisory] http://secunia.com/advisories/38587

[Patch, Vendor Advisory] http://www.joomlaworks.gr/content/view/77/34/

[Exploit] http://www.securityfocus.com/bid/38238

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/11447

[Third Party Advisory, VDB Entry] http://osvdb.org/62331

Scores

EPSS 0.1603

EPSS Percentile 94.8%

Details

CWE

CWE-22

Status published

Products (3)

joomlaworks/jw_allvideos 3.0

joomlaworks/jw_allvideos 3.1

joomlaworks/jw_allvideos 3.2

Published Feb 23, 2010

Tracked Since Feb 18, 2026