CVE-2010-1268

justVisual CMS 2.0 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1268. PoCs published by eidelweiss.

AI-analyzed exploit summary The code describes a Local File Inclusion (LFI) vulnerability in justVisual 2.0's index.php. The vulnerability arises from improper sanitization of the 'p' parameter, allowing path traversal attacks.

Description

Directory traversal vulnerability in index.php in justVisual CMS 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files directory traversal sequences in the p parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by eidelweiss · textwebappsphp
https://www.exploit-db.com/exploits/11876

The code describes a Local File Inclusion (LFI) vulnerability in justVisual 2.0's index.php. The vulnerability arises from improper sanitization of the 'p' parameter, allowing path traversal attacks.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: justVisual 2.0
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/11876
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38970
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39093
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/63156
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57174

Scores

EPSS 0.0230
EPSS Percentile 81.0%

Details

CWE
CWE-22
Status published
Products (1)
fh54/justvisual 2.0
Published Apr 06, 2010
Tracked Since Feb 18, 2026