CVE-2010-0759

EXPLOITED NUCLEI

Core Design Scriptegrator <1.4.1 - Path Traversal

Title source: llm

Exploitation Summary

CVE-2010-0759 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including S2 Crew. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a local file inclusion vulnerability in the Core Design Scriptegrator plugin for Joomla! 1.5. The jsloader.php script includes files specified via the 'files' GET parameter without proper validation, allowing an attacker to read arbitrary files accessible to the web server user.

Description

Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760.

Exploits (1)

exploitdb WORKING POC VERIFIED

by S2 Crew · textwebappsphp

https://www.exploit-db.com/exploits/11498

View Code ZIP pw:eip

This exploit demonstrates a local file inclusion vulnerability in the Core Design Scriptegrator plugin for Joomla! 1.5. The jsloader.php script includes files specified via the 'files' GET parameter without proper validation, allowing an attacker to read arbitrary files accessible to the web server user.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Core Design Scriptegrator plugin for Joomla! 1.5

No auth needed

Prerequisites: Target must have the vulnerable plugin installed · Attacker must be able to send HTTP requests to the target

MITRE ATT&CK